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                       Tuesday, September 9, 2008

             U.S. House of Representatives,
                    Committee on Homeland Security,
Subcommittee on Transportation Security and Infrastructure 
                                                Protection,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:17 p.m., in 
Room 311, Cannon House Office Building, Hon. Sheila Jackson Lee 
[Chairwoman of the subcommittee] presiding.
    Present: Representatives Thompson, Jackson Lee, DeFazio, 
Norton, Clarke, Lungren, and Brown-Waite.
    Ms. Jackson Lee [presiding]. The subcommittee will come to 
order. The subcommittee is meeting today to receive testimony 
on ``Ensuring America's Security: Cleaning up the Nation's 
Watchlists''.
    It is appropriate, as we are joined by the Chairman of the 
full committee, who has been noted as one of the Nation's 
leading champions of securing this Nation, that we hold this 
hearing on the day of the issuance of a report by an 
organization that includes the membership of Lee Hamilton, a 
member of the 9/11 Commission, that indicates that America is 
in the line of a terrorist incident involving bioterrorism and, 
certainly, nuclear products.
    The reason why I make mention of this is the importance of 
a secure, reliable watchlist for those who are destined to do 
us wrong is necessary so that we can provide for the protection 
of Americans. This should be a primary concern not only of this 
committee, of this Congress, but also of this Nation.
    Our witnesses today will testify about the so-called 
terrorist watchlists and about the steps TSA is taking to 
improve how passengers are checked against that list.
    Good afternoon. I am eager to convene today's hearing to 
evaluate the progress made by the Department of Homeland 
Security on one of the most important recommendations made by 
the 9/11 Commission regarding aviation security.
    Two days from now we will mark the seventh anniversary of 
the attack on the United States by terrorists using our own 
commercial airplanes. The 9/11 terrorist hijacking not only 
scarred the American public by killing thousands of innocent 
citizens, but also dawned a new era in Government.
    The policymakers must endeavor to keep the American safe 
without eroding democratic values and principles.
    Today's hearing will take a closer look at what the Federal 
Government is doing to improve intelligence-driven security 
programs as highlighted in the 9/11 Commission report.
    Certainly, the practice of watchlisting individuals plays 
an important role in identifying possible terrorist suspects. 
It is important to keep in mind that the watchlist is only as 
good as the information on it.
    Without accurate or complete and reliable information, the 
purpose of the watchlist is frustrated, the database becomes 
unreliable, and misidentifications persist.
    Just last year the Government Accountability Office and the 
Department's screening coordination office expressed concerns 
to the full committee regarding the margin of error that exists 
in information gathering related to the database that feeds the 
watchlist.
    Today I am determined to learn from our witnesses about to 
what extent these concerns have been addressed. Getting the 
watchlist fixed and reducing misidentifications is a 
particularly difficult challenge, but as I started out, it is 
the underpinnings of the security of this Nation. Get the bad 
guys; release the innocent.
    In order to do so, all of the intelligence and law 
enforcement components that populate the list must come 
together and work collectively to clean it up. This 
subcommittee has been advocating such coordination for some 
time, and I encourage the TSA to move quickly down this path.
    Let me thank Congresswoman Yvette Clarke for her very 
thoughtful legislation that added an additional form of relief 
for those who have been subjected to misidentification on the 
watchlist.
    In addition to the watchlist, I remain highly concerned 
about the TSA's lack of demonstrated progress in implementing 
the Secure Flight program.
    Earlier this year Assistant Secretary Hawley told the 
subcommittee that TSA is approaching its final planning stages 
for Secure Flight, notwithstanding the troubled history of 
Secure Flight's $200 million program.
    Let me suggest that the administrator, Assistant Secretary 
Hawley, is here today in spite of some difficult security 
issues and challenges that he is facing. We are glad that he is 
here.
    He is also well aware of the concern of this committee, and 
I am very gratified to indicate that he is willing to work with 
this committee, recognizing that we have been focusing on 
Secure Flight and recognizing that there is no final rule.
    I believe it is important that we legislate this process 
and work with all of those concerned to ensure that we might 
move this along effectively, inasmuch as I believe that TSA 
will be able to move quickly with a legislative initiative that 
I intend to offer to this committee.
    We are finding out that the TSA--and I hope it will be 
affirmed by Assistant Secretary Hawley--has in fact met the 
criteria to move forward on Secure Flight. I hope that he will 
affirm that, and that we will be able to address our concerns, 
our urgent concerns, with the legislative initiative from this 
committee.
    Until Secure Flight is operational, redress is the only 
real recourse for an American who is repeatedly stopped or 
delayed at airports and border crossings because he or she is 
misidentified as a terrorist threat.
    Since April 2008, over 32,000 Americans have sought redress 
through the DHS Travel and Redress Inquiry Program, also known 
as DHS TRIP. If we can get a legislative fix of Secure Flight, 
that will be an answer to many of the concerns we will hear 
today. That will answer the questions of thousands of Americans 
and others who are unfairly or misidentified on the watchlist.
    Unfortunately, the effectiveness of DHS TRIP remains 
questionable, as individuals who have gone through the redress 
process continue to experience problems when traveling.
    Today we will look at TSA's policies and administration of 
the cleared list, which contains the names of individuals who 
have completed the redress process and have been subsequently 
cleared.
    The use of the cleared list by air carriers when screening 
the passengers again against the watchlist match must also be 
thoughtfully reviewed. Again, I reiterate it may be an 
important time for a legislative initiative on Secure Flight.
    Again, as I mentioned, I want to thank Congresswoman Yvette 
Clarke, because on June 18, 2008, the House unanimously passed 
H.R. 4179, the Fair, Accurate, Secure and Timely Redress Act 
introduced by my colleague from New York, Congresswoman Yvette 
Clarke.
    Under the FAST Redress Act, the cleared list would be 
shared throughout DHS and with other Federal agencies that use 
the terrorist watchlist or database.
    I commend my colleague for her effort to address this issue 
expeditiously.
    At this time I would like to acknowledge the presence of 
two people who flew here from California at their own expense 
to attend today's hearing. Ms. Denise Robinson and her son, 
James, came here today so that Ms. Robinson could describe the 
troubles her 8-year-old son and the rest of her family have 
encountered because of the watchlist.
    Every time young James travels, he has to deal with the 
delays and hassles of being consistently misidentified. 
Wouldn't it be wonderful if in today's hearing there could be a 
coming together of the TSA and this committee and the full 
committee for a legislative fix that would assist in this 
particular set of circumstances?
    Remember, our job is to secure America and to protect 
democracy.
    Regrettably, James' story is one among many about which we 
have heard recently. It is imperative that the watchlist is 
accurate and narrowly tailored so that it only includes 
individuals who may wish to do our country harm.
    I cannot imagine that this administration, working with 
this committee, with both equally concerned about integrity and 
about the honesty and fairness of the watchlist, cannot find a 
solution to this issue.
    As a member of our second panel, it is my hope that Ms. 
Robinson's testimony will provide some real world perspective 
to the problems associated with the watchlist.
    Without objection, James will be allowed to sit with his 
mother at the witness table during the second panel today, 
though he will not be testifying or answering questions.
    Hearing no objection, it is so ordered.
    Once again, I would like to thank everyone for their 
participation today, and I look forward to hearing from our 
witnesses.
    I am now pleased to recognize the Ranking Member of the 
subcommittee, a gentleman who has worked closely with us 
throughout our time in the 110th Congress, and this is the 
distinguished gentleman from California, Mr. Lungren, for an 
opening statement.
    Mr. Lungren. Thank you very much, Madam Chairwoman.
    Nice to see all of you, after being gone for about 5 weeks. 
I must say that, having just come back from Minneapolis-St. 
Paul, I feel much better than I did 5 or 6 weeks ago.
    As we approach the seventh anniversary of 9/11, that 
horrific terrorist attack which called 3,000 innocent 
Americans, it is fitting that we focus, as we are here today, 
on watchlist matching, which is now one of our first lines of 
defense for aviation security.
    A consolidated terrorist watchlist was one of the key 
recommendations made by the 9/11 Commission, and I agree with 
the commission's recommendation. I believe that terrorist 
watchlist matching is a critical first layer of aviation 
security.
    Terror watchlists keep legitimate terrorist threats off 
airplanes every day all over the world.
    We always have the problem, and we have to confront the 
problem of having people on that list that ought not to be on 
the list. I hope that we can solve that.
    As one who has a new artificial hip, I hope they can solve 
the problem of the pat-downs I get every time I go through as 
well. But I understand that there are certain inconveniences 
and some imperfections in the system, and we need to work to 
alleviate those problems as best we can.
    But we also have to understand why we are engaged in these 
inconveniences. I have to remind myself every time I go 
through, because I know despite the fact I am going to tell him 
exactly where the hip is and where it is, I am still going go 
through that pat-down.
    Part of the formation of the Terrorist Screening Center, 
the TSC, watchlists were maintained by a dozen different 
Federal agencies, I believe. This created inconsistent and 
disjointed approaches to sharing information on individuals 
with possible links to terrorism.
    Combining these multiple terror watchlists into one 
consolidated list of known or suspected terrorists was to be 
the mission of the Terrorist Screening Center when it was 
established in September 2003.
    I believe it was a major accomplishment. The Terrorist 
Screening Center is administered by the FBI in collaboration 
with DHS and the National Counterterrorism Center.
    This consolidated terror watchlist has approximately 1 
million names representing less than 400,000 actual persons due 
to multiple names, misspellings and aliases. As I understand 
it, the number of Americans on the watchlist now is less than 
13,000.
    But unfortunately, name matching is not a precise science, 
to say the least. Even the TSC's consolidated watchlist is only 
as good as the information contained on the list.
    If the name is the only information available, then name 
matching will be problematic. As always, additional information 
will be necessary to distinguish the innocent from the 
terrorist with the same name.
    TSA and their airline partners should share more 
information and eliminate or significantly reduce the name 
mismatches. At least that is my hope, but a name and a date of 
birth could resolve most of these name-matching discrepancies.
    I do recall the tension that we had a number of years ago 
when we were trying to deal with this issue. The question was 
how much information--commercial information--should the 
Government have in its possession, not to put people on the 
watchlist, but to match against those that we had on a 
preliminary watchlist to knock them off because of additional 
data.
    There was a question we had of privacy. Do we want to give 
the Government too much information that they hold in their 
hands for us? So maybe in the testimony that we are going to 
hear, we can see how that has been addressed and if we need to 
address it further and if you need some legislation on it.
    So I mean I think people need to understand if you are 
going to take my name off the list, one of the ways you can do 
it is by going against other data--in most cases, that is 
commercially available data--run that against that list, be 
able to ferret out those that don't belong on there, but at the 
same time how do we protect the privacy interests that have 
come up?
    Hopefully, we can deal with that question.
    The terror watchlist redress procedure also, as we know, 
needs updating. Representative Clarke addressed this issue of 
privacy constraints in her legislation, H.R. 4179, the Fast 
Redress Act of 2008 mentioned earlier by the Chairwoman.
    It passed this committee and the House of Representatives 
with bipartisan support. There was nothing partisan about it 
whatsoever. But I understand it was referred to the Senate 
Commerce Committee, where it remains today.
    They could have held it at the desk and dealt with it right 
away, and we could have gotten that out. So, hopefully, if 
anybody listens to what we are doing here, they might hear over 
on the Senate side that we should speed up the redress process.
    We did it on a bipartisan basis here. I don't see why there 
should be any problem on the Senate side to get that done as 
quickly as possible.
    I think it would help, at least unless I am told 
differently by our panels here, that it would help in clearing 
the names of innocent watchlist victims like Denise Robinson's 
son, as well as Congressman John Lewis. At least that was our 
intention when we passed it here.
    I don't know why the Senate doesn't just take our good work 
once in a while and move so that we can start working on our 
side. I mean I think really with these witnesses here, we are 
going to find out where we think they haven't done enough on 
their side, but on our side we need the Senate to act.
    The long-awaited Secure Flight program will greatly 
improve, in my judgment, the existing name-based screening 
process. TSA will assume the terror watchlist matching 
responsibility at the beginning of 2009 for passengers on all 
flights within the United States, and ultimately for 
international flights departing and arriving in the United 
States.
    As the Chairwoman suggested, Secure Flight will provide the 
additional identifying information necessary to eliminate 
mismatching innocent passengers to terrorist suspects in the 
screening process.
    So, hopefully, with the legislation we passed, and if the 
Senate would act on, with the Secure Flight and with answering 
this question as to how much commercial information or how you 
would query commercial databases in an efficient way so that we 
can clear up these names that ought not to be on there, we 
might be able to solve of the problems that we are really 
legitimately looking at here today.
    So I am hopeful the final rule for the important program of 
Secure Flight will be issued shortly by TSA. I join the 
Chairwoman in thanking our witnesses for being here and look 
forward to hearing from them.
    Thank you very much.
    Ms. Jackson Lee. I thank the Ranking Member for his 
collaborative statement and hope that we can work together as 
we look at a way to legislate and hopefully think of that as a 
vehicle.
    We will not get into the blame game of who is not moving 
fast enough. I think it is important that we reach out to the 
Senate on the legislation of Congresswoman Clarke.
    If we move as quickly as I expect, and work in a bipartisan 
manner through this committee on legislation that might 
expedite Secure Flight, that we move out as fast as we could to 
the Senate and work with them.
    September 11 should remind us--all of us--of the need of 
securing this Nation as we come upon that commemoration.
    It is now the pleasure of the Chairwoman to recognize the 
Chairman of the full committee, the gentleman from Mississippi, 
Mr. Thompson, who I mentioned before, who has become a 
standard-bearer of securing the homeland.
    I yield to the distinguished gentleman.
    Mr. Thompson. Thank you very much, Madam Chairwoman, for 
convening this important hearing today.
    When most people hear about the terrorist watchlist, they 
think of flying and about the No-Fly List they hear about on 
TV. But the watchlist is much broader than that.
    It is used by a number of different Federal agencies, 
including TSA, Customs and Border Protection, the State 
Department and other Federal, State, local, territorial and 
tribal law enforcement agencies.
    Since the Terrorist Screening Center was created, we have 
seen some real progress in taking multiple watchlists and 
combining them into one functional list.
    Now, we will have a question during this hearing, because 
we understand that there is a problem when you take multiple 
watchlists, because sometimes it involves a data dump, and you 
don't know whether you got good stuff or bad. What happens is 
everything shows up on the list. We will talk a little bit 
about that.
    In the process of putting these lists together, we have 
stopped some really bad people from entering the country, and 
that is good. Director Boyle and the Terrorist Screening Center 
and his employees, such as Mr. Kopel, ought to be commended for 
doing a good job.
    But we also have seen the pitfalls of maintaining such a 
list. We continue to see it grow with the addition of the names 
of thousands of Americans. I am concerned with the quality of 
the data, privacy concerns and the civil liberties of 
individuals, whose names are on that list.
    I look forward to hearing from Ms. Lillie Coney from the 
Electronic Privacy Information Center, who is here to speak 
about the privacy concerns related to the watchlist.
    In the past this committee has explored questions involving 
the collection and maintenance of the terrorist screening 
database. Today we will follow up on any progress made by the 
Federal Government in its efforts to reduce the amount of 
misidentifications while providing a critical layer of 
security.
    Our Ranking Member talked about Congressman John Lewis' 
continuous saga of being misidentified.
    One of the problems I want to talk about a little bit is 
why do we put the burden on airlines? We have a number of 
airlines, domestic airlines here in the country, and my 
understanding is each airline has to maintain its own system. 
So if Congressman Lewis is interested in not being detained, 
then he has to go to each individual airline in order to get 
cleared. That is a laborsome process.
    We have been told that maybe Secure Flight is the answer. 
We are not sure, but we are going to have to fix it.
    So I look forward to the witnesses' testimony, and I yield 
back the balance of my time.
    Ms. Jackson Lee. We thank the Chairman of the full 
committee for his statement. Might I acknowledge the presence 
of Members of the committee--Mr. DeFazio of Oregon, Ms. Clarke 
of New York, and Ms. Brown-Waite of Florida?
    Other Members of the subcommittee are reminded that under 
the committee rules, opening statements may be submitted for 
the record.
    I welcome our first panel of witnesses. Our first witness, 
Greg Wellen. Greg Wellen is the assistant administrator of 
Transportation Threat Assessment and Credentialing Office at 
TSA. Mr. Wellen oversees the development and deployment of 
security programs such as Secure Flight and other threat 
assessment tools managed at TSA.
    Our second witness is Mr. Richard Kopel. Mr. Kopel is a 
terrorist threat tracking officer in the Department of Homeland 
Security's Office of Intelligence and Analysis. He is currently 
assigned as the principal deputy director of the Terrorist 
Screening Center. Mr. Kopel has had an extensive career in 
public service, as well as experience in the private sector.
    Our third witness is Ms. Cathleen Berrick from the 
Government Accountability Office. We welcome Ms. Berrick, who 
routinely testifies before this subcommittee and full 
committee, for providing insight that is constructive as 
relates to their analysis. We are looking forward to her 
assessment of the progress made by TSA to Secure Flight and 
related security directives.
    Without objection, the witnesses' full statements will be 
inserted into the record. I now ask each witness to summarize 
his or her statement for 5 minutes.
    I also ask unanimous consent that, as I indicated, that the 
assistant secretary is dealing with a number of security issues 
as we speak, to yield to Mr. Hawley, who is part of Mr. Wellen, 
for a brief remark, and I know that we will be able to hear 
from Mr. Wellen.
    So with unanimous consent, Mr. Hawley, you are recognized.

   STATEMENT OF EDMUND ``KIP'' HAWLEY, ASSISTANT SECRETARY, 
  TRANSPORTATION SECURITY ADMINISTRATION, ACCOMPANIED BY GREG 
    WELLEN, ASSISTANT ADMINISTRATOR, TRANSPORTATION THREAT 
       ASSESSMENT, TRANSPORTATION SECURITY ADMINISTRATION

    Mr. Hawley. Thank you very much, Madam Chairwoman, Ranking 
Member Lungren, Mr. Chairman and Members of the committee.
    I am pleased to be here with Greg Wellen, who is a 25-year 
Government executive who is the program manager for these 
security screening programs such as Secure Flight and TWIC. 
Greg will identify a lot of the issues that we have discussed 
here.
    I just wanted to have a couple of overall comments--one, 
that I think the partnership is critical and is good, that the 
committee has been very attentive to this issue and given clear 
direction on Secure Flight coming fast, that it be effective 
and that it be secure of protecting privacy. I believe all of 
those things are now in position to happen.
    The second thing is that the partnership with the Terrorist 
Screening Center, who is the custodian of the watchlist, and 
with the airlines, who are our partners in implementing it, 
that those are critical relationships, and I believe they work 
well.
    The punch-line to the American people is that if someone is 
identified by an agency of the U.S. Government as being unsafe 
to have on an aircraft, that we are today effectively 
preventing that from happening. So that is probably the most 
important thing, and that is happening.
    We are all aware of the issues that involve people such as 
our guests from California, who are not watchlisted, but who, 
through the process, may somehow end up thinking that they are. 
I think that is a very right issue for us to evaluate.
    But as far as what the Chairman was talking about in terms 
of Secure Flight being the answer, I believe it is. With the 
four parts of getting that implemented--the authority to do it, 
the privacy, the technical readiness and our work with the 
partners--that the authority depends on the rule coming out, 
which we hope will happen in October or November.
    The privacy issues I believe have been resolved, which Mr. 
Wellen will describe. The technical issues have been resolved, 
which Mr. Wellen will be describing--even working with the 
partners.
    So those are the pieces, those are the moving parts of 
getting Secure in place, and I believe we are in a position 
where working together we can get that in place in early 2009.
    And Mr. Wellen, if time permits.
    Ms. Jackson Lee. Mr. Wellen.
    Thank you very much, Assistant Secretary. We will have a 
question or two for you.
    Mr. Wellen.

                    STATEMENT OF GREG WELLEN

    Mr. Wellen. Good afternoon, Chairwoman Jackson Lee, Ranking 
Member----
    Ms. Jackson Lee. You are recognized for 5 minutes.
    Mr. Wellen [continuing]. And Members of the subcommittee. 
Thank you for the opportunity to appear before you today to 
discuss TSA's Secure Flight program and our effective use of 
the TSC watchlist.
    I first want to introduce myself to the subcommittee. My 
name is Greg Wellen, and I am the assistant administrator of 
TSA's Office of Transportation Threat Assessment and 
Credentialing, which oversees the Secure Flight program.
    Prior to joining TSA, I worked for more than 25 years as an 
intelligence community officer for the National Security 
Agency. I am a career Government service, and I transferred to 
TSA in April of this year.
    First, to be clear, identification matters. If we believe 
we have intelligence that may lead us to people who are 
planning terrorist attacks, we absolutely must use that 
information.
    When the TSC intelligence committee identifies someone who 
meets the criteria for a person who should not fly, we, TSA and 
the airlines have to make sure that person does not get on a 
plane.
    Basic watchlist name matching is something everybody agrees 
must be done effectively. The problem we face is not an 
overgrown watchlist with too many names or names that don't 
matter. The real issue is how to match actual passenger names 
against those very important names that are on the TSC 
watchlist.
    TSA does not control how airlines match names. That is a 
business decision that each airline must make. Each airline has 
a different process for using the watchlist to match names.
    One carrier may have a sophisticated computer system that 
uses robust filters to clear names. Another carrier may check 
names manually or use a less advanced software program. The 
result is inconsistency between airlines and inconvenience to 
their passengers.
    The problem is solved when the same method is used to clear 
a passenger from the list. That answer is Secure Flight. TSA is 
working in partnership with the airlines to enhance their 
ability to avoid delays of passengers with names similar to 
those on the watchlist.
    Hassles due to misidentification and the need to stand in 
line at the ticket counter is a consistent complaint by the 
traveling public, and we share that concern. Thousands of 
passengers are inconvenienced each day.
    Secretary Chertoff announced in April the flexibility given 
to the airlines to create a system to verify and securely score 
a passenger's date of birth to clear up watchlist 
misidentification.
    By voluntarily providing this limited biographical data to 
an airline, travelers who were previously inconvenienced on 
every trip now have an opportunity for a better travel 
experience.
    More airlines need to take advantage of this process to 
quickly verify that a passenger is not the person on the 
terrorist watchlist.
    TSA has made sure that Secure Flight is the best way 
possible to match names. Our goal is to stop the people who 
need to be stopped and let other passengers go through freely.
    In 2005 GAO and the Secure Flight working group issued 
reports saying that more needed to be done in terms of privacy 
and program integrity for Secure Flight. In February 2006 
Administrator Hawley testified that we would re-beat baseline 
Secure Flight to address the concerns expressed in the report.
    TSA significantly upgraded the design and development of 
the program, and the implementing rule has received public 
scrutiny and discussion. The rule is now in the final stages of 
administrative review.
    Today I am pleased to announce a significant milestone in 
the implementation of Secure Flight. Secretary Chertoff has 
certified that TSA has successfully met the 10 conditions 
required by Congress as outlined in the 2005 DHS Appropriation 
Act.
    This paves the way for Secure Flight to commence operations 
as planned in January 2009. Administrator Hawley invites all 
airlines to participate in the test process so that their 
passengers benefit from the convenience of Secure Flight.
    I am confident that we have the right team in place to make 
Secure Flight a success moving forward. While some may say it 
is difficult to balance increased security while protecting 
individual rights, TSA is very clear that privacy and security 
are essential ingredients, and both have been built directly 
into the Secure Flight program.
    Secure Flight will result in better security and create a 
more consistent and uniform pre-screening process for 
passengers while at the same time reducing misidentifications.
    Thank you for the opportunity to appear today. I would be 
happy to answer any questions.
    [The joint statement of Mr. Hawley and Mr. Wellen follows:]
      Prepared Statement of Edmund ``Kip'' Hawley and Greg Wellen
                           September 9, 2008
    Good afternoon, Chairwoman Jackson Lee, Ranking Member Lungren, and 
Members of the subcommittee. Thank you for the opportunity to appear 
before you today on behalf of the Transportation Security 
Administration (TSA) and the Department of Homeland Security (DHS) to 
discuss our continuing efforts to improve the aviation security 
environment through the development of the Secure Flight program and to 
effectively use intelligence to prevent terrorists from using the 
transportation system to gain entry to or harm the United States.
    First, I would like to thank the subcommittee for its significant 
efforts to support TSA's progress in implementing new security 
approaches. Over the past 2 years, many of the new strategies we have 
discussed--behavior detection techniques, Visible Intermodal Prevention 
and Response (VIPR) teams, travel document checking, Checkpoint 
Evolution--have matured into important, visible components of our 
layered security approach. Your sustained, personal attention and 
oversight have been vital to the success of our security strategy.
    I would also like to acknowledge the strong working relationship 
TSA shares with the Terrorist Screening Center (TSC) and the Government 
Accountability Office (GAO) in carrying out our transportation security 
mission. I am pleased to appear on the panel today with Mr. Kopel of 
the TSC and Ms. Berrick of the GAO.
    The National Commission on Terrorist Attacks Upon the United States 
(9/11 Commission) placed a strong emphasis on enhancing the use of 
watchlists as part of a layered aviation security system. The 9/11 
Commission's final report recommends that the watchlist matching 
function should be performed by TSA and that air carriers should be 
required to supply the information needed to test and implement this 
new system.
    TSA's aviation security strategy relies upon an interlocking system 
of multiple layers of security. Key to this system is the use of 
intelligence to both develop countermeasures against terrorist threats 
and to intervene directly when threats become apparent. One of the most 
important tools in the fight against terrorism is the U.S. Government's 
consolidated Terrorist Screening Database (TSDB).
    Prior to 9/11, information about known or suspected terrorists was 
dispersed throughout the U.S. Government, and no single agency was 
charged with consolidating it and making it available for use in 
terrorist screening. Under Homeland Security Presidential Directive 
(HSPD) 6, the TSC now provides ``one-stop shopping'' so that every 
Government agency is using the same TSDB--whether it is TSA, a U.S. 
consular official issuing visas overseas, or a State or local law 
enforcement officer on the street. The consolidated system allows 
Government agencies to run name checks against one comprehensive 
database with the most accurate, up-to-date information about known and 
suspected terrorists.
    The consolidated system provides the critical nexus between the 
work of the intelligence and law enforcement communities and the rest 
of the counterterrorism community. Our partners in the law enforcement 
and intelligence communities work tirelessly and in some cases under 
great physical danger to identify individuals who pose a terror threat. 
It would be dangerous and negligent not to use this information to our 
advantage. TSA is constantly adapting to the ever-changing threat 
environment and improving our people, processes, and technology to 
detect and deter threats. As important as it is to detect threat 
objects, it is imperative that we use intelligence to aid in the 
identification and interception of the people who would do us harm.
    TSA utilizes subsets of the TSDB--the No-Fly and Selectee lists. A 
nominating agency can recommend that a known or suspected terrorist be 
placed on the No-Fly or Selectee list if the individual meets specific 
criteria for inclusion on that list.
    Terror watchlists keep legitimate terror threats off airplanes 
every day, all over the world. There are significantly fewer than 
50,000 individuals on the No-Fly and Selectee lists and only a small 
percentage of those are in the United States. The lists are reserved 
for known or suspected terrorists who have reached a threshold where 
they should not be allowed to fly or should receive additional scrutiny 
before boarding an aircraft. Using the No-Fly and Selectee watchlists, 
TSA can quickly evaluate passengers to determine if they have a known 
or suspected link to terrorism or pose a threat to national security 
and to prevent passengers with known or suspected links to terrorism 
from boarding aircraft.
    The No-Fly and Selectee lists are made available for passenger 
prescreening to air carriers flying into, out of, or within the United 
States for passenger pre-screening. As part of their shared 
responsibility for aviation security, air carriers play a critical role 
in ensuring that individuals on the No-Fly list do not board aircraft. 
Air carriers must conduct watchlist checks in advance of issuance of 
boarding passes, and they must notify the TSA of a match to the No-Fly 
list. TSA then notifies the TSC and the FBI, which coordinate the 
operational response with law enforcement and other agencies and 
foreign partners as appropriate. Air carriers must also ensure that a 
match to the Selectee list is subject to secondary screening prior to 
boarding an aircraft. Aside from a Selectee match, an individual may be 
subject to secondary screening based on the Computer-Assisted Passenger 
Prescreening Systems (CAPPS), as a result of our behavior detection 
officers, or through other random and unpredictable screening processes 
we have employed at the checkpoint as part of our layered security 
system.
                   passenger verification and redress
    We are all aware of recent news reports about individuals with 
names similar to those on watchlists who are experiencing delays and 
inconvenience at the airport. The current prescreening system is 
effectively catching the people we need to identify, but it is also 
flagging people with similar names.
    Recognizing the impact of screening on the public, particularly 
where only name-based checks are conducted, TSA and other DHS agencies 
have incorporated redress into their screening programs. DHS has 
implemented the DHS Traveler Redress Inquiry Program (DHS TRIP), which 
provides a central gateway for travelers to obtain information about 
screening and redress as well as a central contact to DHS regarding 
their adverse screening experiences. Travelers, regardless of their 
nationality, citizenship, or immigration status, can submit inquiries 
via the DHS TRIP website, email, or postal mail. The DHS TRIP Program 
Office, using its redress management system, assigns redress requests 
to the Department of State or appropriate DHS agencies, ensures 
coordination of responses, and has instituted performance metrics to 
track progress. The DHS TRIP Program Office ensures that the cases are 
then reviewed and resolved, as appropriate, and that travelers receive 
an official response.
    DHS TRIP receives approximately 3,600 requests for redress per 
month. Since DHS TRIP began in February 2007 through August 31, 2008, 
the DHS TRIP system has logged over 41,000 requests for redress. Over 
22,000 applications have been adjudicated and closed with an average 
response time of just over 60 days. The 60-day response time includes 
the duration from the date an initial on-line application is submitted 
through the date the supporting documents are received to the date the 
inquiry is closed.
    Once a redress request associated with No-Fly and Selectee List 
matching is processed, the cleared individual is also added to the TSA 
Cleared List that is provided to air carriers. The Cleared List is 
intended to be used by the airlines to distinguish false matches from 
actual matches as they perform No-Fly and Selectee List matching.
    TSA has been working collaboratively with airlines to enhance the 
ability to avoid delays of passengers with names similar to those on 
watchlists. Hassles due to problems in verification and the resulting 
necessity to stand in line to check in at the ticket counter is a 
consistent complaint by the traveling public. Many passengers are 
inconvenienced each day. In April 2008, DHS provided air carriers with 
more flexibility to allow passengers to check in remotely on-line or at 
a kiosk who had previously been unable to do so because they have a 
name similar to someone on a watchlist. Airlines are now able to create 
a system to verify and securely store a passenger's date of birth to 
improve passenger verification. By voluntarily providing this limited 
biographical data to an airline and verifying that information once at 
the ticket counter, travelers who were previously inconvenienced on 
every trip now have an opportunity for a more convenient travel 
experience. More airlines need to take advantage of this process.
    With implementation of Secure Flight, TSA soon will take over 
passenger watchlist matching and resolve many of the inconveniences 
passengers are experiencing with verification under the current system. 
Until Secure Flight is implemented, however, TSA believes airlines need 
to do more to alleviate the inconvenience to passengers, including 
changing procedures for watchlist filtering and improving 
communications with passengers concerning their status. The decision to 
invest in improving their watchlist filtering systems may be basically 
a business decision for air carriers. For TSA, however, this is a very 
serious concern.
    TSA is also concerned that airline employees are misinforming 
passengers about whether they are on a terrorist watchlist. This 
practice affects public perception of the watchlists, undercuts the 
credibility of the security system, and potentially puts at risk 
sensitive information. TSA has conducted outreach to the air carriers 
on this issue and has provided guidance as to what to say to a traveler 
who is a potential match. While TSA wishes to continue to work 
collaboratively with airlines to solve this problem and penalties are 
not TSA's preferred approach, TSA has authority to impose penalties up 
to $25,000 per infraction.
                             secure flight
    TSA is moving forward aggressively to assume responsibility for 
watchlist matching for both international and domestic air passengers 
through Secure Flight. Secure Flight will close a critical aviation 
security gap and reduce the vulnerabilities associated with watchlist 
matching performed by the airlines. Under Secure Flight, watchlist 
matching will be more effective, efficient, and consistent, offering 
improvements in both security and customer service for the traveling 
public. Secure Flight will add a vital layer of security to our 
Nation's commercial air transportation system while maintaining the 
privacy of passenger information. TSA evaluated and realigned Secure 
Flight in 2006 to ensure that privacy and security serve as the very 
foundation for the system. The realignment established the basic 
infrastructure and fundamentals of a rigorous program including 
extensive program management elements. The effort ensured privacy 
practices are built into all areas of the program.
    Secure Flight will improve aviation security by providing:
   Early knowledge of potential watchlist matches;
   Earlier law enforcement notification;
   Decreased chance of compromised watchlist data because of 
        its limited distribution;
   Enhanced use of the Redress Process and Cleared List;
   Consistent watchlist matching process across all aircraft 
        operators; and
   Privacy protections for individuals.
    TSA currently plans to begin full operation of Secure Flight in 
January 2009 with a limited number of aircraft operators. The final 
schedule for implementation will depend on fiscal year 2009 funding and 
publication of the Secure Flight Final Rule, which currently is in the 
final stages of administration review and is anticipated to be 
published this fall. The Final Rule is the product of extensive 
consultations with air carriers and other stakeholders, as well as an 
extended public notice and comment period that resulted in the 
inclusion of robust privacy protections. In the interim, TSA has 
conducted extensive systems testing in preparation for Secure Flight's 
launch and has re-programmed additional funds to accelerate development 
of the program.
    DHS is moving swiftly toward achieving another significant Secure 
Flight milestone, the certification that TSA has completed all ten of 
the following Secure Flight conditions required by the Department of 
Homeland Security Appropriations Act, 2005, Pub. L. 108-334:
   System of due process (redress) established;
   System error rate will not produce a large number of false 
        positives;
   Accuracy of the system has been stress-tested;
   DHS has established internal oversight board;
   TSA has sufficient operational safeguards to reduce 
        opportunities for abuse;
   Substantial security measures are in place to prevent 
        hacking;
   Effective oversight of the use and operation of the system 
        is in place;
   No specific privacy concerns with system architecture;
   States with unique transportation needs are accommodated; 
        and
   Appropriate life-cycle cost estimates and program plans 
        exist.
    A certification report is currently in final review.
    TSA also has worked closely with the GAO over the past several 
years as Secure Flight has progressed, meeting regularly and sharing 
substantial information and documents on plans and testing, with the 
goal of keeping GAO well-informed and enhancing GAO's ability to 
complete its post-certification review. Dedicated office space has been 
provided for GAO at TSA headquarters to better facilitate their work on 
this and other programs. Upon completion of the DHS Final Certification 
Report for Secure Flight, we look forward to providing this report to 
GAO to begin their review.
    Extensive consultation with key stakeholder groups, including 
aircraft operators, aviation associations, privacy advocacy groups, and 
travel industry associations, has been a critical component of Secure 
Flight development and has been essential in addressing the issues in 
the current watchlist matching processes. As a result of this 
consultation, Secure Flight is designed to address many of the customer 
service concerns inherent in the current watchlist matching process. 
Specific customer service benefits include:
   Integrating DHS TRIP into Secure Flight by using the Cleared 
        List and passenger redress numbers in the automated matching 
        process;
   Operating a 24-hour, 7-day-per-week Resolution Service 
        Center for aircraft operators to call to resolve potential 
        Secure Flight matches and limit delays for verification of 
        passengers; and
   Requesting the minimum amount of personal data necessary to 
        conduct effective watchlist matching.
    Many aircraft operators expressed concerns about the proposed 60-
day implementation period. TSA has modified the Secure Flight 
implementation approach to accommodate the needs for the industry to 
make changes to systems and processes. TSA has conducted a series of 
meetings and working sessions on topics including implementation 
strategy, testing, and outages, and these meetings will continue with 
the publication of the Final Rule. As we continue to ready Secure 
Flight for deployment and ensure a smooth transition through parallel 
testing of the system, we look forward to a continued partnership with 
the air carrier industry, with whom we share a common goal of keeping 
dangerous individuals off aircraft while facilitating legitimate 
passenger travel.
                               conclusion
    I would once again like to thank this subcommittee for its support 
for TSA's mission. TSA is making major strides toward implementation of 
Secure Flight, a step that will enhance transportation security and 
improve customer service while taking advantage of critical 
intelligence to prevent a terrorist act against the United States. I 
look forward to continuing to work together with the subcommittee as we 
achieve this important goal. Thank you for the opportunity to appear 
today, and I would be happy to answer any questions.

    Ms. Jackson Lee. Thank you very much for your testimony.
    I now recognize Mr. Kopel to summarize his statement for 5 
minutes. Mr. Kopel, you might have heard a lot of bells 
ringing. If you could summarize in under that amount of time, 
we will recess.
    Ms. Berrick, we will come back to you, which will give us 
more time.
    Then, Mr. Kopel, we will certainly give you ample time with 
questions. I yield it to you for 5 minutes.

   STATEMENT OF RICHARD S. KOPEL, PRINCIPAL DEPUTY DIRECTOR, 
                   TERRORIST SCREENING CENTER

    Mr. Kopel. Thank you, Madam Congresswoman, Ranking Member 
Lungren, Chairman Thompson and the Members of the subcommittee. 
I thank you for the opportunity to talk about the Terrorist 
Screening Center and the U.S. Government's watchlisting 
process.
    As Congressman Lungren alluded, the TSC is administered by 
the FBI, but we are truly a multi-agency type task force 
environment with over 12 different agencies and departments 
represented at the TSC.
    Our mission is to consolidate the Government's approach to 
screening for terrorism. That includes consolidation of the 
terrorist watchlist, but it also includes setting up a 24x7 
call center to aid in the identification support when someone 
on the watchlist is encountered, coordination with all the 
encounters through the FBI to ensure that the FBI case agents 
and individuals are notified of those encounters and can 
contribute to the encounter process.
    We also have a formal process for tracking all the 
encounters to ensure that the appropriate information is 
collected both on positive encounters when someone does match 
the watchlist and also for individuals that are not matches or 
misidentifications to the watchlist.
    Then another high item on the 9/11 Commission report was 
the lack of sharing information. The TSC takes all the 
information collected from encounters with known or suspected 
terrorists and shares that throughout the U.S. Government 
counterterrorism efforts.
    That includes, obviously, the FBI, the originator of the 
information, and the other departments and agencies doing the 
CT type work.
    A big question that seems to be the focus of the hearings 
are, you know, how does someone get on the watchlist in the 
first place? Are there significant and sufficient safeguards to 
keep the people, the innocent person off that doesn't have a 
connection to terrorism?
    We have a multi-tiered approach and review process that 
varies between agencies, but at one point when the originator 
believes that there is a connection, a reasonable suspicion 
that there is a connection to terrorism, that nomination, or 
that name of the individual is submitted to the National 
Counterterrorism Center for review.
    The National Counterterrorism Center will review not only 
the name, but the supporting information on why that person is 
believed to have a connection to terrorism. If they believe the 
connection exists, they submit that name to the Terrorist 
Screening Center.
    We again reevaluate the supporting information, a third 
look, if you will, at the supporting data, to determine that 
that person is indeed the person that we believe should be 
watchlisted.
    With all the names on the watchlist are the records in the 
database. There are times when the wrong person, or a name of a 
person with a similar name, has issues.
    We believe that the different screening agencies have 
processes in place to allow that person to file a redress or 
ask for help in the watchlisting process. DHS TRIP is a major 
component of that system.
    In addition to that, we have put on a full redress team to 
give our data an independent look when a name comes through the 
redress process. They will reevaluate all the supporting 
information to determine if any action has to be taken.
    For individuals that are unfortunate enough, as our friends 
from California, to maybe share the name of someone who is on 
the watchlist, this is the process to go through to help 
minimize any inconvenience they may experience.
    In addition to the formal redress that someone may file, we 
have additionally put on a new program, the Terrorist 
Encounters Review Process, which proactively looks and 
determines if a person is on the watchlist or been encountered 
multiple times and not been the actual person of interest.
    In those cases we do initiate our own redress process to 
actually determine if additional action needs to be taken and 
if we can actually help that person through the cleared process 
that TSA has, and other agencies.
    The TSC continues to play a vital role in the war on 
terrorism. Multiple auditors concur that we have made 
significant, positive impact on the terrorist screening 
processes, ensuring that all of our screening agencies have the 
identifying information they need to identify these persons 
when they are encountered.
    We continue to work hard to make our processes better. We 
understand that everything is not perfect, and we look forward 
to working those issues with the independent audits that we 
have had, where we have been able to take that information and 
actually apply that to making our processes better.
    Chairwoman Jackson Lee, Ranking Member Lungren and other 
Members of the subcommittee, I look forward to answering any 
questions that you may have.
    [The statement of Mr. Kopel follows:]
                 Prepared Statement of Richard S. Kopel
                           September 9, 2008
    Good afternoon Chairwoman Jackson Lee, Ranking Member Lungren, and 
Members of the subcommittee. Thank you for the opportunity to discuss 
the Terrorist Screening Database (known as the TSDB or ``terrorist 
watch list'') and the watchlisting process at large. The Terrorist 
Screening Center (TSC) is dedicated to consolidating and coordinating 
the U.S. Government's approach to terrorism screening and facilitating 
information sharing to protect the Nation and the international 
community. In addition, the TSC is dedicated to performing its mission 
while protecting privacy and civil liberties. The dedicated employees 
at the TSC take their responsibility to these two priorities very 
seriously.
    Since it began operations on December 1, 2003, the Terrorist 
Screening Center (TSC) has assumed a critical role in securing our 
borders and the safety of the American people by providing to the 
Nation's entire screening and law enforcement communities the 
identities of known and suspected terrorists. As directed by Homeland 
Security Presidential Directive 6 (HSPD-6) Integration and Use of 
Screening Information, the TSC has combined the numerous terrorist 
watchlists existing on September 11, 2001 and created the U.S. 
Government's single consolidated Terrorist Screening Database (TSDB). 
Every day, the TSC adds, updates and removes records in the TSDB and 
makes the information available to Federal/State/local entities for 
terrorist screening. HSPD-6 did not contain any new legal authorities 
and all screening is performed under the existing legal authority of 
the screening agency. The TSC also provides:
  (1) A single coordination point for terrorist screening data;
  (2) A 24/7 call center to provide identification assistance to 
        screening agencies;
  (3) Access to a coordinated law enforcement response for any 
        encounter with a watchlisted person;
  (4) A formal process for tracking all positive encounters;
  (5) Feedback on all positive encounters with Known and Suspected 
        Terrorists (KST) to the originator, FBI, and other appropriate 
        entities;
    The Terrorist Screening Center has been the focus of significant 
attention from Congress and various governmental auditors. The TSC has 
worked to develop a strong relationship and open communications with 
Congress and appreciates the support, oversight and constructive 
criticism it receives from the various committees with which it works. 
The TSC has taken advantage of the external reviews of its processes 
and is focused on using the results of these reviews to identify ways 
to improve its operations. Generally, these auditors have found that 
the watchlist performs a critical function in securing the Nation from 
terrorist threats while protecting privacy and civil liberties. 
Specifically, GAO report 08-110 states, ``[GAO's] analysis of data on 
outcomes and our interviews with screening agency, law enforcement, and 
intelligence community officials indicate that the use of the watchlist 
has enhanced the Government's counterterrorism efforts.'' It also 
reports that ``[t]he TSC plays a central role in the real-time sharing 
of information, creating a bridge among screening agencies.'' The TSC 
has not only assisted in eliminating historical cultural boundaries 
between and among the intelligence and law enforcement communities but 
also has provided a physical mechanism to ensure information sharing is 
done in an efficient manner. The TSC looks forward to continuing the 
healthy working relationship that it currently has with this and the 
other committees and subcommittees with which it works.
    Further, the TSC is working to provide the public with an increased 
understanding of its mission through the press. The TSC has hosted news 
reporters and has been engaged with various press outlets to answer 
questions and clarify the role of the TSC for the American public. It 
is through this openness that the TSC hopes to rectify many of the 
misconceptions about its mission, and responsibilities. It is with this 
in mind that the TSC is reaching out to describe the watchlisting 
process and to demonstrate its efforts to protect individuals' civil 
liberties and privacy. Due to the national security nature of TSC's 
work, however, it is impossible to explain in precise detail how the 
watchlist is managed.
    Often, an individual believes he or she is on the watchlist because 
of an encounter with law enforcement, airport screening or another 
security-related entity. The actuality is that there are many reasons a 
person may experience Law Enforcement/Screening delays and only one of 
these reasons is the watchlist. The TSC works closely with the 
Department of Homeland Security, the Transportation Security 
Administration, the FBI, and Federal, State and local law enforcement 
agencies, and other partners to minimize inconvenience to individuals 
that are not on the watchlist, but nevertheless have a name that is 
similar to the name of a known or suspected terrorist.
    Inclusion on the watchlist is based on specific criteria and a name 
can be removed from the TSDB by the nominating and investigating 
agencies reasonably determining the individual is not engaging in 
terrorism or terrorist activity.
    It is also critical to understand that the TSC serves to facilitate 
information sharing on Known or Suspected Terrorists with its partner 
agencies in the law enforcement, screening and intelligence 
communities. The watchlist is a tool to assist the screening agency in 
its legally mandated responsibilities to determine if an individual has 
a possible connection to terrorist activity. It is a pointer to 
additional information and is not used to determine if any adverse 
action should be taken. The TSC, when contacted, will provide 
identification support and, if the identity is confirmed, will ensure 
all appropriate information on the individual is supplied to the 
screening agency to help determine what action, if any, is to be taken.
    The size of the watchlist is often misreported and there is 
considerable confusion about the difference between the number of 
records and individuals. The TSDB reflects sensitive but unclassified 
identity information concerning individuals reasonably suspected to be 
engaged in terrorism or terrorist activities. The TSDB is updated daily 
and contains approximately:
   Number of Records: 1,000,000 Records;
   Number of Individuals: 400,000 (3 percent of which are U.S. 
        Persons);
Reason for difference: A separate record is created for each name, 
alias and name variant. A single individual may have multiple records 
and the TSDB averages just over 2 records for every individual.
    It is also critical to clarify that the No-Fly List is not 
synonymous with the TSDB; rather, it is a small subset of the TSDB and 
pertains specifically to commercial aviation. Inclusion on the No-Fly 
List requires that an individual meet very specific criteria and are or 
may be a threat to civil aviation (i.e., the aircraft, its passengers, 
crew members, and others). As such, not every record in the TSDB would 
be appropriate for inclusion on the No-Fly List. The TSC works with its 
screening partners to determine what level of information is required 
to meet that entity's particular screening needs and is consistent with 
its legal authorities. This is one manner in which the TSC works to 
limit any inconvenience the watchlist may have on the innocent 
traveling public.
    The U.S. Government (USG) has many controls in place to ensure that 
only Known or Suspected Terrorists are nominated to the watchlist. The 
nomination process for including someone on the watchlist is a multi-
agency, multi-tiered process. Each International Terrorist (IT) 
nomination comes through the National Counterterrorism Center (NCTC), 
and each Domestic Terrorist (DT) nomination comes through the Federal 
Bureau of Investigation. Nominations are first reviewed at the field 
level, reviewed again at the NCTC or FBI, and again at the TSC before 
inclusion in the TSDB.
    While the TSDB is critical to counterterrorism efforts at the 
Federal, State and local levels, the TSC is aware that the watchlist 
has an impact on the traveling public. As such, the TSC takes all steps 
possible to limit this impact and balance privacy and civil liberties 
with its critical terrorist screening mission. The TSC strives to 
reduce the time it takes to resolve encounters with screening agencies. 
The average encounter currently takes just under eight (8) minutes to 
resolve. Further, the TSC reviews each nominated record for 
completeness and the appropriateness of its inclusion on the watchlist. 
The TSC similarly reviews all nominated change and removal requests to 
ensure that the watchlist contains the most thorough, accurate and 
current information possible.
    The TSC's Redress program also conducts a comprehensive review of 
records related to requests referred to the TSC by its screening 
partners through their respective redress programs, including DHS TRIP. 
This provides a mechanism for persons who feel they are inappropriately 
watchlisted or misidentified to seek redress. In addition, in April 
2008, the TSC initiated the Terrorist Encounter Review Process (TERP) 
to automatically review the terrorist watchlist records of frequently 
encountered individuals even if no formal redress requests are filed. 
TERP provides a guaranteed review of such records to ensure they are 
thorough, accurate and current.
                               conclusion
    The TSC continues to play a vital role in the war on terrorism. 
Multiple auditors all concur that the TSC has made a significant, 
positive impact in terrorist screening operations, ensuring that 
Federal, State, and local law enforcement and screening partners have 
the information they need to identify terrorists abroad, at our 
borders, and within our country. The TSC will continue to work hard to 
identify means to increase efficiency and limit the impact on the 
American public, while effective terrorist screening operations are 
conducted. This can only be accomplished through a continuous process 
of internal and external review and unremitting vigilance. Chairwoman 
Jackson Lee, Ranking Member Lungren, and Members of the committee, 
thank you again for the opportunity to address this esteemed body, and 
I look forward to answering your questions.

    Ms. Jackson Lee. Thank you. The hearing stands in recess.
    [Recess.]
    Ms. Jackson Lee. I am reconvening the Transportation 
Security and Infrastructure Protection Subcommittee hearing on 
``Ensuring America's Security, Cleaning up the Nation's 
Watchlists.''
    At this time I will recognize Ms. Berrick to summarize her 
statement for 5 minutes.

 STATEMENT OF CATHLEEN A. BERRICK, DIRECTOR, HOMELAND SECURITY 
      AND JUSTICE ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Berrick. Thank you, Madam Chairwoman, for inviting me 
to discuss GAO's work reviewing aviation watchlist matching, or 
the matching of passenger information against terrorist 
watchlist records.
    Domestic and foreign carriers traveling within, to and from 
the United States are required to conduct watchlist matching in 
accordance with TSA requirements. TSA has responsibility for 
overseeing how carriers implement their watchlist matching 
programs. TSA plans to assume this function from carriers 
beginning in 2009, as you aware, under Secure Flight.
    My testimony addresses TSA's watchlist matching 
requirements for domestic carriers, TSA's oversight of 
carriers' watchlist matching requirements programs, and TSA's 
progress in developing and implementing Secure Flight.
    In conducting watchlist matching, TSA requires that 
carriers conduct exact name matches against watchlist records 
and to match name variations, also known as similar name 
matching.
    Carriers must conduct similar name matching because 
watchlists of individuals may travel using name variations and 
would not be identified if carriers searched only for an exact 
name match.
    Although TSA requires carriers to conduct similar name 
matching, until recently revising some of its requirements, TSA 
did not specify how many or what types of such name variations 
carriers should compare.
    As a result, the 14 carriers we interviewed reported 
implementing varied approaches, two conducting similar name 
matching, and not every carrier reported conducting any form of 
similar name matching.
    There have been incidents of carriers failing to identify 
potential matches through watchlist records by not successfully 
conducting similar name matching.
    However, in 2008 during my review and following a special 
inspection conducted by TSA, TSA should have revised security 
directives to clarify the types of name variations that 
carriers must compare against the No-Fly List.
    TSA acknowledges this new capability will not address all 
vulnerabilities that exist with watchlist matching, but believe 
that it is the best interim solution pending implementation of 
Secure Flight, because it strengthens watchlist matching 
without requiring major system changes for carriers.
    TSA has taken various actions to assess domestic carriers' 
compliance with watchlist matching requirements. However, until 
a special inspection conducted in 2008, TSA conducted limited 
oversight of carriers' name-matching capability.
    TSA records for field inspections conducted during 2007 
identified the carriers' watchlist matching function was tested 
during only 5 percent of airport inspections conducted that 
year.
    TSA reported that its guidance for inspectors is currently 
being revised to strengthen oversight of carrier watchlist 
matching.
    Since Secure Flight will likely not be fully operational 
for at least a year for domestic flights, and longer for 
international flights, it is important that TSA strengthen its 
oversight of air carrier programs in the interim.
    Secure Flight, once implemented, is intended to strengthen 
watchlist matching by conducting more robust name variations 
than currently conducted by carriers. Secure Flight is also 
intended to more accurately match passenger information to 
watchlist records.
    In February 2008, despite past difficulties in implementing 
Secure Flight, we reported that TSA had made significant 
progress in developing the program, including developing key 
systems development documentation and strengthening privacy 
protections.
    However, we reported that challenges remained, including 
the need to more fully test systems development security 
requirements and develop more robust cost and schedule 
estimates.
    If these challenges are not effectively addressed, the 
chances of the program performing on schedule and as intended 
are diminished. We have an on-going review, assessing TSA's 
efforts in implementing Secure Flight.
    This concludes my opening statement. I look forward to your 
questions.
    [The statement of Ms. Berrick follows:]
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    Highlights of GAO-08-1136T, a testimony before the Subcommittee on 
Transportation Security and Infrastructure Protection, Committee on 
Homeland Security, House of Representatives.
Why GAO Did This Study
    Domestic air carriers are responsible for checking passenger names 
against terrorist watchlist records to identify persons who should be 
denied boarding (the No-Fly List) or who should undergo additional 
security scrutiny (the Selectee List). The Transportation Security 
Administration (TSA) is to assume this function through its Secure 
Flight program. However, due to program delays, air carriers retain 
this role. This testimony discusses: (1) TSA's requirements for 
domestic air carriers to conduct watchlist matching; (2) the extent to 
which TSA has assessed compliance with watchlist matching requirements; 
and (3) TSA's progress in developing Secure Flight. This statement is 
based on GAO's report on air carrier watchlist matching (GAO-08-992) 
being released today and GAO's previous and ongoing reviews of Secure 
Flight. In conducting this work, GAO reviewed TSA security directives 
and TSA inspections guidance and results, and interviewed officials 
from 14 of 95 domestic air carriers.
What GAO Recommends
    GAO is not making any recommendations related to air carriers' 
watchlist matching programs because TSA initiated actions in April 2008 
to strengthen related requirements and its oversight of air carriers' 
implementation of these requirements. Regarding Secure Flight, GAO 
previously made recommendations to strengthen the program's 
development. TSA generally agreed.
                             what gao found
    TSA's requirements for domestic air carriers to conduct watchlist 
matching include a requirement to identify passengers whose names are 
either identical or similar to those on the No-Fly and Selectee lists. 
Similar-name matching is important because individuals on the watchlist 
may try to avoid detection by making travel reservations using name 
variations. According to TSA, there have been incidents of air carriers 
failing to identify potential matches by not successfully conducting 
similar-name matching. However, until revisions were initiated in April 
2008, TSA's security directives did not specify what types of similar-
name variations were to be considered. Thus, in interviews with 14 air 
carriers, GAO found inconsistent approaches to conducting similar-name 
matching, and not every air carrier reported conducting similar-name 
comparisons. In January 2008, TSA conducted an evaluation of air 
carriers and found deficiencies in their capability to conduct similar-
name matching. Thus, in April 2008, TSA revised the No-Fly List 
security directive to specify a baseline capability for conducting 
watchlist matching and reported that it planned to similarly revise the 
Selectee List security directive. While recognizing that the new 
baseline capability will not address all vulnerabilities, TSA 
emphasized that establishing the baseline capability should improve air 
carriers' performance of watchlist matching and is a good interim 
solution pending the implementation of Secure Flight.
    TSA has undertaken various efforts to assess domestic air carriers' 
compliance with watchlist matching requirements; however, until 2008, 
TSA had conducted limited testing of air carriers' similar-name-
matching capability. In 2005, for instance, TSA evaluated the 
capability of air carriers to identify names that were identical--but 
not similar--to those in terrorist watchlist records. Also, TSA's 
internal guidance did not specifically direct inspectors to test air 
carriers' similar-name-matching capability, nor did the guidance 
specify the number or types of name variations to be assessed. Records 
in TSA's database for regular inspections conducted during 2007 made 
reference to name-match testing in only 61 of the 1,145 watchlist-
related inspections that GAO reviewed. During the course of GAO's 
review, and prompted by findings of the evaluation conducted in January 
2008, TSA reported that its guidance for inspectors would be revised to 
help ensure air carriers' compliance with security directives. Although 
TSA has plans to strengthen its oversight efforts, it is too early to 
determine the extent to which TSA will provide oversight of air 
carriers' compliance with the revised security directives.
    In February 2008, GAO reported that TSA has made progress in 
developing Secure Flight but that challenges remained, including the 
need to more effectively manage risk and develop more robust cost and 
schedule estimates (GAO-08-456T). If these challenges are not addressed 
effectively, the risk of the program not being completed on schedule 
and within estimated costs is increased, and the chances of it 
performing as intended are diminished. TSA plans to begin assuming 
watchlist matching from air carriers in January 2009.
    Madam Chairwoman and Members of the subcommittee: I am pleased to 
be here today to discuss GAO's work assessing the Transportation 
Security Administration (TSA) and domestic air carrier efforts in 
conducting watchlist matching--or the matching of airline passenger 
information against terrorist watchlist records--a front-line defense 
against acts of terrorism that target the Nation's civil aviation 
system.\1\ Domestic air carriers operating to, from, and within the 
United States are to conduct watchlist matching in accordance with 
requirements set forth by TSA. That is, air carriers are to conduct 
preboarding checks by comparing passenger data--most prominently name 
and date of birth--against the No-Fly List to identify individuals who 
should be prevented from boarding an aircraft, and against the Selectee 
List to identify individuals who must undergo enhanced screening at the 
checkpoint prior to boarding.\2\ TSA has responsibility for overseeing 
how air carriers implement the watchlist-matching process, consistent 
with TSA requirements. Critical to this oversight effort are the 
agency's inspectors--both the principal security inspectors who oversee 
implementation efforts at air carriers' corporate security offices and 
the transportation security inspectors who oversee implementation 
efforts at airport locations. Beginning in 2009, under a program known 
as Secure Flight, TSA is to take over from air carriers the function of 
watchlist matching for domestic and ultimately international flights. 
Pending Secure Flight's implementation, air carriers continue to have 
primary responsibility for conducting watchlist matching. In turn, TSA 
continues to have an important oversight responsibility to ensure that 
air carriers comply with watchlist-matching requirements.
---------------------------------------------------------------------------
    \1\ For the purposes of this statement, domestic air carriers are 
those with operations based in the United States that maintain full 
security programs in accordance with 49 C.F.R. part 1544. The number of 
domestic air carriers has varied over time, for example, from 95 in 
2005 to about 70 in 2007.
    \2\ These lists contain applicable records from the Terrorist 
Screening Center's consolidated database of known or appropriately 
suspected terrorists. Pursuant to Homeland Security Presidential 
Directive 6, dated September 16, 2003, the Terrorist Screening Center--
an entity that has been operational since December 2003 under the 
administration of the Federal Bureau of Investigation--was established 
to develop and maintain the U.S. Government's consolidated terrorist 
screening database (the watch list) and to provide for the use of 
watchlist records during security-related screening processes. See GAO, 
Terrorist Watch List Screening: Recommendations to Promote a 
Comprehensive and Coordinated Approach to Terrorist-Related Screening, 
GAO-08-253T (Washington, DC: Nov. 8, 2007).
---------------------------------------------------------------------------
    My testimony today addresses: (1) TSA's requirements for domestic 
air carriers to conduct watchlist matching for domestic flights; (2) 
the extent to which TSA has assessed domestic air carriers' compliance 
with watchlist-matching requirements; and, (3) TSA's progress in 
developing and implementing the Secure Flight program. This statement 
is based on a report we released today \3\ on air carrier watchlist-
matching processes and TSA's oversight of these efforts, as well as 
work we conducted on the Secure Flight program from August 2007 to 
January 2008,\4\ with selected updates in September 2008.
---------------------------------------------------------------------------
    \3\ GAO, Aviation Security: TSA Is Enhancing Its Oversight of Air 
Carrier Efforts to Identify Passengers on the No-Fly and Selectee 
Lists, but Expects Ultimate Solution to Be Implementation of Secure 
Flight, GAO-08-992 (Washington, DC: Sept. 9, 2008).
    \4\ GAO, Aviation Security: Transportation Security Administration 
Has Strengthened Planning to Guide Investments in Key Aviation Security 
Programs, but More Work Remains, GAO-08-456T (Washington, DC: Feb. 28, 
2008).
---------------------------------------------------------------------------
    Regarding air carrier watchlist matching, we reviewed TSA's 
security directives and related guidance applicable to watchlist 
matching; interviewed responsible officials at TSA headquarters; 
conducted interviews (both in-person and via telephone) with officials 
from domestic air carriers to discuss their implementation of 
watchlist-matching requirements;\5\ analyzed watchlist-related 
inspections that TSA conducted during fiscal year 2007 to ensure that 
air carriers were in compliance with applicable requirements; and 
reviewed the results from a special emphasis assessment that TSA 
conducted in 2005 and a special emphasis inspection it conducted in 
January 2008, both of which addressed air carriers' capability to 
conduct watchlist matching.\6\ Regarding the Secure Flight program, we 
reviewed systems development, privacy, and other documentation, and 
interviewed Department of Homeland Security (DHS), TSA, and contractor 
officials. We conducted these performance audits from July 2006 to 
September 2008 in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on the audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on the audit objectives.
---------------------------------------------------------------------------
    \5\ Our selection of the 14 air carriers was based, in part, on 
operational size with the goal of obtaining a range of sizes. Although 
the 14 air carriers (selected from a total of 95 air carriers required 
to perform watchlist matching during calendar year 2005) represent a 
range in the types of air carriers that conduct watchlist matching, 
and, according to our calculations, accounted for approximately 70 
percent of all passengers that boarded domestic flights in 2005, the 
results of our interviews are not generalizable to the domestic 
operations of all domestic air carriers. However, our selection allowed 
us to understand how watchlist matching was performed for the majority 
of passengers flying domestically in 2005, although we did not 
independently verify each air carrier's reported method of 
implementation.
    \6\ Special emphasis assessments and special emphasis inspections 
are nonroutine activities undertaken at the direction of TSA 
headquarters. According to TSA, a special emphasis assessment addresses 
a vulnerability that generally is not tied to a regulation, while a 
special emphasis inspection is tied to a regulatory requirement.
---------------------------------------------------------------------------
                                summary
    Through its security directives, TSA has issued requirements for 
watchlist matching, which include identifying passengers with names 
similar to those on the No-Fly and Selectee lists. Before undertaking 
revisions of the relevant security directives in 2008, TSA expected air 
carriers to conduct similar-name matching but TSA's security directives 
did not specify how many and what types of such name variations air 
carriers should compare. Consequently, in interviews with 14 air 
carriers, we found inconsistent approaches to conducting similar-name 
matching. Some carriers compared more name variations than others; in 
addition, not every air carrier reported conducting similar-name 
comparisons. Air carriers that conduct only exact-name comparisons and 
carriers that conduct relatively limited similar-name comparisons are 
less effective in identifying watchlisted individuals who travel under 
name variations. Also, due to inconsistent air carrier processes, a 
passenger could be identified as a match to the watch list by one 
carrier and not by another. In April 2008, during the course of our 
review, TSA revised and issued the No-Fly List security directive to 
specify a baseline capability for similar-name matching to which all 
air carriers must conform. Also, in August 2008, TSA officials reported 
that the agency was in the process of similarly revising the Selectee 
List security directive to require the same baseline capability.\7\ TSA 
officials acknowledged that the new baseline capability will not 
address all vulnerabilities identified by TSA. However, the officials 
stated that the new baseline capability was a good interim approach for 
improving air carriers' matching efforts because, among other reasons, 
it will strengthen watchlist matching without requiring investment in a 
solution that will be replaced when Secure Flight is implemented.
---------------------------------------------------------------------------
    \7\ TSA officials did not provide us a targeted issuance date for 
the revised Selectee List security directive.
---------------------------------------------------------------------------
    Although TSA assessed air carriers' compliance with watchlist-
matching requirements through a special emphasis assessment conducted 
in 2005 and through planned inspections conducted in conjunction with 
annual inspection cycles, the agency had tested similar-name matching 
to only a limited extent until 2008. For instance, the 2005 special 
emphasis assessment focused on air carriers' capability to identify 
passenger names that were exact matches with names on the No-Fly List, 
but did not address the capability to conduct similar-name matching. 
Also, during the most recent annual inspection cycle (fiscal year 
2007), although some TSA inspectors tested air carriers' effectiveness 
in conducting similar-name matching, the inspectors did so at their own 
discretion and without specific evaluation criteria. However, during a 
special emphasis inspection conducted in January 2008, TSA found 
deficiencies in the capability of air carriers to conduct similar-name 
matching.\8\ Thereafter, following TSA's revision of the No-Fly List 
security directive in April 2008, officials planned to issue new 
guidance for inspectors to better ensure compliance by air carriers 
with requirements in the new security directive. Further, in September 
2008, TSA updated us on the status of its efforts with watchlist 
matching. Specifically, TSA provided us with the results of a May 2008 
special emphasis assessment of seven air carriers' compliance with the 
revised No-Fly List security directive. TSA generally characterized the 
results of the May 2008 special emphasis assessment as positive. 
Further, TSA officials noted that the agency's internal handbook, which 
provides guidance to transportation security inspectors on how to 
inspect air carriers' compliance with requirements, including 
watchlist-matching requirements, was being revised, and was expected to 
be released later this year. Officials indicated that the new 
inspection guidance would be used in conjunction with TSA's Nation-wide 
regulatory activities plan for fiscal year 2009. While these actions 
and plans are positive developments, it is too early to determine the 
extent to which air carriers' compliance with watchlist-matching 
requirements will be assessed based on the new security directives 
since these efforts are still underway and have not been completed.
---------------------------------------------------------------------------
    \8\ TSA reported that the January 2008 special emphasis inspection 
covered 52 domestic air carriers and 31 foreign air carriers.
---------------------------------------------------------------------------
    Moreover, in February 2008, we reported that TSA has made 
significant progress in developing Secure Flight, but that challenges 
remained in a number of areas, including the need to more effectively 
manage risk and develop more robust cost and schedule estimates. We 
made a number of recommendations to strengthen TSA's efforts in these 
areas, to which TSA agreed and has begun to take corrective actions. We 
will continue to evaluate TSA's efforts to develop and implement Secure 
Flight and its progress in addressing these recommendations as part of 
our on-going review.\9\
---------------------------------------------------------------------------
    \9\ Our review of TSA's progress with Secure Flight is being 
conducted in response to requests from the U.S. Senate (Committee on 
Commerce, Science, and Transportation, and its Subcommittee on Aviation 
Operations, Safety, and Security; Committee on Appropriations, 
Subcommittee on Homeland Security; Committee on Homeland Security and 
Governmental Affairs; and Committee on the Judiciary) and the U.S. 
House of Representatives (Committee on Transportation and 
Infrastructure, Committee on Homeland Security, and Committee on 
Oversight and Government Reform). In addition, the Consolidated 
Appropriations Act, 2008, requires that we report to the Committees on 
Appropriations of the Senate and House of Representatives on DHS's 
certification of 10 conditions outlined in section 522(a) of the 
Department of Homeland Security Appropriations Act, 2005, related to 
the development and implementation of the Secure Flight program. See 
Pub. L. No. 110-161, Div. E,  513, 121 Stat. 1844, 2072-73 (2007).
---------------------------------------------------------------------------
                               background
    TSA is responsible for ensuring air carriers' compliance with 
regulatory requirements, including requirements reflected in TSA 
security directives. Related to watchlist matching, TSA outlines air 
carrier requirements in the No-Fly List Procedures security directive, 
requiring domestic air carriers to conduct checks of passenger 
information against the No-Fly List to identify individuals who should 
be precluded from boarding flights, and the Selectee List Procedures 
security directive, directing domestic air carriers to conduct checks 
of passenger information against the Selectee List to identify 
individuals who should receive enhanced screening (e.g., additional 
physical screening or a hand-search of carry-on baggage) before 
proceeding through the security checkpoint. Since 2002, TSA has issued 
numerous revisions to the No-Fly and Selectee list security directives 
to strengthen and clarify requirements, and has issued guidance to 
assist air carriers in implementing their watchlist-matching processes.
    TSA conducts inspections of air carriers throughout the year as 
part of regular inspection cycles based on annual inspection plans to 
determine the extent to which air carriers are complying with TSA 
security requirements. These inspections are based on inspection 
guidelines known as PARIS prompts,\10\ which address a broad range of 
regulatory requirements (including airport perimeter security and cargo 
security, as well as screening of employees, baggage, and passengers). 
With respect to watchlist matching, inspection guidelines instruct 
inspectors regarding the aspects of air carrier watchlist matching that 
should be tested, such as whether air carriers are comparing the names 
of all passengers against names on the most current No-Fly and Selectee 
lists in accordance with the procedures outlined in TSA's security 
directives.
---------------------------------------------------------------------------
    \10\ PARIS is the acronym for the Performance and Results 
Information System, which is TSA's inspections database. This database 
assists TSA management by providing factual and analytical information 
on the compliance of TSA-regulated entities. There are approximately 
1,700 PARIS prompts, which serve as guidelines for TSA inspectors.
---------------------------------------------------------------------------
    TSA conducts watchlist-related inspections at air carriers' 
corporate security offices (where policies and procedures are 
established on how watchlist matching is to be performed) and at 
airports (where policies and procedures for responding to a potential 
match are implemented). TSA's principal security inspectors are 
responsible for conducting inspections at domestic air carriers' 
corporate headquarters. These inspectors assess air carriers' 
compliance with security requirements and provide direct oversight of 
air carriers' implementation of and compliance with TSA-approved 
security programs. Field inspectors--known as transportation security 
inspectors--conduct watchlist-related inspections at airports. They are 
responsible for a multitude of TSA-related activities, including 
conducting inspections and investigations of airports and air carriers, 
monitoring compliance with applicable civil aviation security policies 
and regulations, resolving routine situations that may be encountered 
during the assessment of airport security, participating in testing of 
security systems in connection with compliance inspections, identifying 
when enforcement actions should be initiated, and providing input on 
the type of action and level of penalty commensurate with the nature 
and severity of a violation that is ultimately recommended to TSA's 
Office of Chief Counsel.
    To further enhance commercial aviation security and as required by 
the Intelligence Reform and Terrorism Prevention Act of 2004, TSA is 
developing an advanced passenger prescreening program known as Secure 
Flight to assume from air carriers the function of matching passenger 
information against Government-supplied terrorist watchlists for 
domestic, and ultimately international, flights.\11\ Through assumption 
of the watchlist-matching function from the air carriers, Secure Flight 
is intended to ensure a higher level of consistency than current air 
carrier watchlist matching and also help remedy possible 
misidentifications if a passenger's name is similar to one found on a 
watch list. According to TSA plans, Secure Flight's benefits, once the 
program becomes operational, will include:
---------------------------------------------------------------------------
    \11\ See Pub. L. No. 108-458,  4012(a), 118 Stat. 3638, 3714-18 
(2004) (codified at 49 U.S.C.  44903(j)(2)(C)).
---------------------------------------------------------------------------
   eliminating inconsistencies in current air carrier watchlist 
        matching procedures;
   decreasing the risk of unauthorized disclosure of sensitive 
        watchlist information;
   reducing the number of individuals who are misidentified as 
        being on the No-Fly or Selectee lists, and;
   integrating the redress process so that individuals are less 
        likely to be improperly or unfairly delayed or prohibited from 
        boarding an aircraft.
    TSA expects to begin assuming from air carriers the watchlist 
matching function for domestic flights in January 2009, and to assume 
this function from U.S. Customs and Border Protection for flights 
departing from and to the United States by fiscal year 2010.
 prior to april 2008, tsa watch-list-matching requirements were broad 
and allowed air carriers discretion in comparing name variations, which 
                  resulted in less effective processes
    Since the terrorist attacks of September 11, 2001, TSA has imposed, 
through security directives, requirements for watchlist matching, which 
include identifying passengers with names similar to those on the No-
Fly and Selectee lists--a process TSA refers to as similar-name 
matching. Identifying passengers with names similar to those on the No-
Fly and Selectee lists is a critical component of watchlist matching 
because individuals may travel using abbreviated name forms or other 
variations of their names. Therefore, searching for only an exact match 
of the passenger's name may not result in identifying all watchlisted 
individuals.
    Before undertaking revisions of the relevant security directives in 
2008, TSA expected air carriers to conduct similar-name matching, but 
TSA's security directives did not specify how many and what types of 
such name variations air carriers should compare. Consequently, the 14 
air carriers we interviewed reported implementing varied approaches to 
similar-name matching. Some carriers reported comparing more name 
variations than others, and not every air carrier reported conducting 
similar-name comparisons. Air carriers that conduct only exact-name 
comparisons and carriers that conduct relatively limited similar-name 
comparisons are less effective in identifying watchlisted individuals 
who travel under name variations. Also, due to inconsistent air carrier 
processes, a passenger could be identified as a match to a watchlist 
record by one carrier and not by another, which results in uneven 
effectiveness of watchlist matching. Moreover, there have been 
incidents, based on information provided by TSA's Office of 
Intelligence, of air carriers failing to identify potential matches by 
not successfully conducting similar-name matching.
    Generally, TSA had been aware that air carriers were not using 
equivalent processes to compare passenger names with names on the No-
Fly and Selectee lists. However, in early 2008 the significance of such 
differences was crystallized during the course of our review and 
following TSA's special emphasis inspection of air carriers' watchlist-
matching capability. On the basis of these inspection results, in April 
2008, TSA issued a revised security directive governing the use of the 
No-Fly List to establish a baseline capability for similar-name 
matching to which all air carriers must conform. Also, TSA announced 
that it planned to similarly revise the Selectee List security 
directive to require the new baseline capability.\12\
---------------------------------------------------------------------------
    \12\ In August 2008, TSA informed us that the revised Selectee List 
security directive was still in the agency's internal clearance 
process, and did not provide us a targeted issuance date.
---------------------------------------------------------------------------
    According to TSA officials, the new baseline capability is intended 
to improve the effectiveness of watchlist matching, particularly for 
those air carriers that had been using less-thorough approaches for 
identifying similar-name matches and those air carriers that did not 
conduct any similar-name comparisons. However, because the baseline 
capability requires that air carriers compare only the types of name 
variations specified in the security directive, TSA officials noted 
that the new baseline established in the No-Fly List security directive 
is not intended to address all possible types of name variations and 
related security vulnerabilities. Agency officials explained that based 
on their analysis of the No-Fly and Selectee lists and interviews with 
intelligence community officials, the newly-established baseline covers 
the types of name variations air carriers are most likely to encounter. 
TSA officials further stated that these revised requirements were a 
good interim solution because, among other reasons, they will 
strengthen security while not requiring air carriers to invest in 
significant modifications to their watchlist matching processes, given 
TSA's expected implementation of Secure Flight beginning in 2009. If 
implemented as intended, Secure Flight is expected to better enable the 
use of passenger names and other identifying information to more 
accurately match passengers to the subjects of watchlist records.
  until a 2008 special emphasis inspection, tsa had conducted limited 
  testing of air carriers' capability to perform similar-name matching
    Until 2008, TSA had conducted limited testing of air carriers' 
similar-name-matching capability, although the agency had undertaken 
various efforts to assess domestic air carriers' compliance with 
watchlist matching requirements in the No-Fly and Selectee list 
security directives. These efforts included a special emphasis 
assessment conducted in 2005 and regular inspections conducted in 
conjunction with annual inspection cycles. However, the 2005 special 
emphasis assessment focused on air carriers' capability to prescreen 
passengers for exact-name matches with the No-Fly List, but did not 
address the air carriers' capability to conduct similar-name 
comparisons. Regarding inspections conducted as part of regular 
inspection cycles, TSA's guidance establishes that regulatory 
requirements encompassing critical layers of security need intensive 
oversight, and that testing is the preferred method for validating 
compliance. However, before being revised in 2008, TSA's inspection 
guidelines for watchlist-related inspections were broadly stated and 
did not specifically direct inspectors to test air carriers' similar-
name-matching capability. Moreover, TSA's guidance provided no baseline 
criteria or standards regarding the number or types of such variations 
that must be assessed. Thus, although some TSA inspectors tested air 
carriers' effectiveness in conducting similar-name matching, the 
inspectors did so at their own discretion and without specific 
evaluation criteria.
    In response to our inquiry, six of TSA's nine principal security 
inspectors told us that their assessments during annual inspection 
cycles have not included examining air carriers' capability to conduct 
certain basic types of similar-name comparisons. Also, in reviewing 
documentation of the results of the most recent inspection cycle 
(fiscal year 2007), we found that available records in TSA's database 
made references to name-matching tests in only 6 of the 36 watchlist-
related inspections that principal security inspectors conducted, and 
in only 55 of the 1,109 inspections that transportation security 
inspectors conducted.\13\ Without baseline criteria or standards for 
air carriers to follow in conducting similar-name comparisons, TSA has 
not had a uniform basis for assessing compliance. Further, without 
routinely and uniformly testing how effectively air carriers are 
conducting similar-name matching, TSA may not have had an accurate 
understanding of the quality of air carriers' watchlist-matching 
processes.
---------------------------------------------------------------------------
    \13\ According to TSA data, these 1,145 watchlist-related 
inspections (36 plus 1,109) covered 60 domestic air carriers, and most 
of the air carriers were inspected multiple times.
---------------------------------------------------------------------------
    However, TSA began taking corrective actions during the course of 
our review and after it found deficiencies in the capability of air 
carriers to conduct similar-name matching during the January 2008 
special emphasis inspection.\14\ More specifically, following the 
January 2008 inspection, TSA officials reported that TSA began working 
with individual air carriers to address identified deficiencies. Also, 
officials reported that, following the issuance of TSA's revised No-Fly 
List security directive in April 2008, the agency had plans to assess 
air carriers' progress in meeting the baseline capability specified in 
the new security directive after 30 days, and that the agency's 
internal guidance for inspectors would be revised to help ensure 
compliance by air carriers with requirements in the new security 
directive. Further, in September 2008, TSA updated us on the status of 
its efforts with watchlist matching. Specifically, TSA provided us with 
the results of a May 2008 special emphasis assessment of seven air 
carriers' compliance with the revised No-Fly List security directive. 
Although the details of this special emphasis assessment are 
classified, TSA generally characterized the results as positive. Also, 
the TSA noted that it plans to work with individual air carriers, as 
applicable, to analyze specific failures, improve system performance, 
and conduct follow-up testing as needed. Further, officials noted that 
the agency's internal handbook, which provides guidance to 
transportation security inspectors on how to inspect air carriers' 
compliance with requirements, including watchlist-matching 
requirements, was being revised and was expected to be released later 
this year. Officials stated that the new inspection guidance would be 
used in conjunction with TSA's Nation-wide regulatory activities plan 
for fiscal year 2009. However, while these actions and plans are 
positive developments, it is too early to determine the extent to which 
TSA will assess air carriers' compliance with watchlist-matching 
requirements based on the new security directives since these efforts 
are still underway and have not been completed.
---------------------------------------------------------------------------
    \14\ According to TSA officials, the January 2008 special emphasis 
inspection covered 52 domestic air carriers and 31 foreign air 
carriers.
---------------------------------------------------------------------------
dhs has made progress in developing and implementing the secure flight 
   program, but challenges remain that may hinder the program moving 
                                forward
    Over the last 4 years, we have reported that the Secure Flight 
program (and its predecessor known as the Computer Assisted Passenger 
Prescreening System II or CAPPS II) had not met key milestones or 
finalized its goals, objectives, and requirements, and faced 
significant development and implementation challenges.\15\ 
Acknowledging the challenges it faced with the program, in February 
2006, TSA suspended the development of Secure Flight and initiated a 
reassessment, or rebaselining, of the program, which was completed in 
January 2007. In February 2008, we reported that TSA had made 
substantial progress in instilling more discipline and rigor into 
Secure Flight's development and implementation, including preparing key 
systems development documentation and strengthening privacy 
protections.\16\ However, we reported that challenges remain that may 
hinder the program's progress moving forward. Specifically, TSA had 
not: (1) Developed program cost and schedule estimates consistent with 
best practices; (2) fully implemented its risk management plan; (3) 
planned for system end-to-end testing in test plans; and, (4) ensured 
that information-security requirements are fully implemented. If these 
challenges are not addressed effectively, the risk of the program not 
being completed on schedule and within estimated costs is increased, 
and the chances of it performing as intended are diminished.
---------------------------------------------------------------------------
    \15\ See GAO, Aviation Security: Progress Made in Systematic 
Planning to Guide Key Investment Decisions, but More Work Remains, GAO-
07-448T (Washington, DC: Feb. 13, 2007).
    \16\ See GAO, Aviation Security: Transportation Security 
Administration Has Strengthened Planning to Guide Investments in Key 
Aviation Security Programs, but More Work Remains, GAO-08-456T 
(Washington, DC: Feb. 28, 2008).
---------------------------------------------------------------------------
    To address these challenges, we made several recommendations to DHS 
and TSA to incorporate best practices in Secure Flight's cost and 
schedule estimates and to fully implement the program's risk-
management, testing, and information-security requirements. DHS and TSA 
officials generally agreed to implement the recommendations and 
reported that they are making progress doing so. According to TSA 
officials, the ``initial cutover'' or assumption of the watchlist 
matching function from one or more air carriers for domestic flights is 
scheduled to begin in January 2009. However, as of July 2008, TSA had 
not developed detailed plans or time frames for assuming watchlist 
matching from all air carriers for domestic flights. We will continue 
to evaluate TSA's efforts to develop and implement Secure Flight and 
its progress in addressing our prior recommendations as part of our on-
going review.
                        concluding observations
    Until the Secure Flight program is implemented, TSA's oversight of 
air carriers' compliance with watchlist-matching requirements remains 
an important responsibility. In this regard, TSA's April 2008 revision 
of the No-Fly List security directive--and a similar revision planned 
for the Selectee List security directive--are significant developments. 
The April 2008 revision establishes a baseline name-matching capability 
applicable to all domestic air carriers. Effective implementation of 
the baseline capability should strengthen watchlist-matching processes, 
especially for those air carriers that had been using less-thorough 
approaches for identifying similar-name matches. Concurrently, revised 
internal guidance for TSA's inspectors can help ensure that compliance 
inspections of air carriers are conducted using the standards specified 
within the security directives as evaluation criteria. At the time of 
our review, TSA was in the initial stage of revising the internal 
guidance for inspectors. As a result, it is too early to determine the 
extent to which updated guidance for principal security inspectors and 
transportation security inspectors will strengthen oversight of air 
carriers' compliance with the security directive requirements. Going 
forward, TSA officials acknowledge that the baseline capability 
specified in the revised No-Fly List security directive and the similar 
revision planned for the Selectee List security directive--while an 
improvement--does not address all vulnerabilities identified by TSA and 
does not provide the level of risk mitigation that is expected to be 
achieved from Secure Flight. Thus, TSA officials recognize the 
importance of--and the challenges to--ensuring continued progress in 
developing and deploying the Secure Flight program as soon as possible.
    Madam Chairwoman, this concludes my statement. I would be pleased 
to answer any questions that you or other Members have at this time.

    Ms. Jackson Lee. Let me thank you very much for your, 
again, important analysis.
    As well, let me thank all of the witnesses for their 
presence here today.
    I want it to be known that this persistent pursuit is a 
serious effort on behalf of this subcommittee and the full 
committee really to penetrate into the essence of security to 
make it real, consistent and effective.
    I have appreciated the polite talk of the witnesses. I have 
also appreciated the collaborative efforts. My questions will 
be pointed, because I don't think we can have hearing after 
hearing after hearing after hearing without finding a solution 
to what seems to be a complex question with a simple answer.
    So I would first of all like to pose a question to Mr. 
Wellen. I want to congratulate TSA for getting the final 
certification that seems to have come with the signoff of 
Secretary Chertoff. This certification report confirms that 
Secure Flight meets all 10 certifications mandated in the 2005 
appropriations language, which many of us worked together on.
    There are many of us who have been on the Homeland Security 
Committee since its origins after 9/11 and its first beginnings 
as a select committee, first as a team of Members to decide how 
we were going to move forward. So we want to make sure that the 
recommendations can be asked and answered.
    One of the recommendations--we physically asked that you 
develop an appropriate lifecycle cost estimate. I would like to 
know how have you verified that the estimates you have 
constructed are reasonable and achievable, first of all?
    As you answer that, I would like you to make a commitment 
to provide the subcommittee with a copy of that report. Mr. 
Wellen.
    Mr. Wellen. Thank you, Ms. Chairwoman.
    The lifecycle cost estimates we are in the process of 
providing were based on April's estimates for the first 5 years 
of the program. Those can be made available.
    We are also in the process of updating the lifecycle cost 
estimates to abide by additional GAO and DHS guidance. When 
those are complete, we can provide those as well.
    Ms. Jackson Lee. Assistant Secretary, do you want add a 
little? Expand on that for us, please. I just think it is 
important.
    Mr. Hawley. The 10-year cost is in the billion dollar 
range, and it ranges probably per year $80 million, and perhaps 
going up above that to get to around a billion over 10 years.
    As part of a review of the Department, and also the 
engagement that we have with GAO, we have had a lot of back and 
forth, and there are some different ways of framing the 
questions, and therefore the answers that we are referring to.
    So I believe the first 5 years are ready to go now and 
would provide the additional when that is available.
    Ms. Jackson Lee. So the first 5 years--a half a billion 
dollars?
    Mr. Wellen. Yes, ma'am. The approximations are anywhere 
between $85 and $93 million per year.
    Ms. Jackson Lee. Good. Is that a Government cost? Or is 
that shared with the industry?
    Mr. Wellen. That is Government cost, ma'am.
    Ms. Jackson Lee. Do we have any estimates of the industry's 
participation and any cost on their part?
    Mr. Wellen. I don't have their cost estimates.
    Ms. Jackson Lee. But we would expect that there would be 
some.
    Mr. Wellen. Yes, ma'am.
    Ms. Jackson Lee. Can I ask you to engage--and I am going to 
yield to you, Mr. Secretary--with the industry to give us some 
ballpark on those figures, please? Assistant Secretary.
    Mr. Hawley. Yes, ma'am.
    Ms. Jackson Lee. You heard the discussion that we had, and 
I offered my congratulations for the certification announcement 
to back a question of their participation in it. But I 
indicated that I am not holding these hearings I guess for what 
most might perceive would be a continuous reciting of the 
problem.
    I know that there are issues with legislation, but there 
are also issues with administration rulemaking. My question to 
you is could we have a collaborative effort as we proceed to 
write legislation to expedite this process for what we all 
want: relief to the American people.
    Now, what that would mean is that we could not point 
fingers at each other for what the delay might be. It would 
have to move through this House, which I feel confident that we 
have the ability to work collaboratively, but it would have to 
move in the Senate.
    So the question is would that be something that you, DHS, 
the administration would be open to? Can you work with this 
committee, work with me on legislation that could be put the 
energy in that we need to secure the American people?
    Mr. Hawley. Yes. I would like to comment that this 
subcommittee has been very consistently into the detail of this 
program, and I appreciate the legislation from Ms. Clarke. Mr. 
Lungren referred to it, and bipartisan nature of it.
    We would certainly work with you and the committee to see 
if there are additional ways to strengthen that process, but to 
get to the point where it will be implemented just as soon as 
it is ready.
    Having said that, our rule is in its final stages of 
administration clearance, so our hope is that that will go the 
course, and should Congress or you wish to pursue legislative 
remedies, we would be very open to working with you.
    Ms. Jackson Lee. I think that is a very important first 
step, and I think we will move expeditiously, but we will also 
be monitoring the rulemaking. What we want to do is that we 
will both be holding hands in success not for ourselves, but 
for the American people.
    Let me ask Ms. Berrick, are you just listening to costs? I 
am concerned that the 10 items that have been certified need 
themselves to be reviewed by GAO.
    Will you all assess them to determine their reasonableness 
and also their costs? How long do you think it will take you to 
review these certifications that have now been made?
    Ms. Berrick. Yes. We will be. We have been reviewing. We 
will continue to review the Secure Flight. There is legislation 
in the--2 years ago the appropriations legislation requires GAO 
to review the program and report within 90 days of 
certification. So our report will be due around December 10 of 
this year.
    Related to the 10 conditions, GAO has done a lot of work 
already, and there are two areas where we have identified some 
concerns that we are working with TSA on right now.
    One has to do with cost and schedule estimates--lifecycle 
cost estimates, for example, that you asked about. We have not 
yet full lifecycle cost estimates for Secure Flight. The 
estimates that we got just went up to 2012, and it was based on 
an older version of the program. So we are waiting to get 
updated lifecycle cost estimates.
    We will be looking at that to see to what extent it was 
developed consistent with best practices for these estimates.
    Another area has to do with testing, making sure that TSA 
is fully testing security and systems requirements before they 
go operational. So we will continue to review those areas, as 
well as the other 10, and report to this committee and others 
in December.
    Ms. Jackson Lee. So let me ask you just to repeat that. Do 
you think you will begin the review process now and expect to 
finish in December, of the 10 certification?
    Ms. Berrick. Right. We have 90 days to complete the work, 
which would be December.
    Ms. Jackson Lee. So our legislation could track your 
review. But we need to be concerned, then, if your review is 
not finished until December, that we want to be more expedited.
    So let me ask that you be in dialog with this committee and 
let us, even though you do have the time frame, let us look 
very carefully and keenly at how we can work together on moving 
that up.
    Ms. Berrick. Okay. We will.
    Ms. Jackson Lee. I appreciate it very much.
    Let me just try to quickly finish my own questioning. Time 
seems to go more quickly than we would like.
    Mr. Kopel, let me thank you for the work that you do, and 
let me also indicate that the resourcefulness of which I am 
about to begin is appreciation for the work that you do.
    But here is a dilemma that we face, and you laid it out. 
Nominating agencies or nominating individuals because they 
have--originators of the nomination think that this is a person 
we need to watch.
    We have a lot of backtalk going on. The backtalk is that 
there is a watchlist. I do expect in another committee, or 
possibly this committee, since we invited Director Mueller to 
be here--and I know that you work for the Department of 
Homeland Security--but I believe we should indicate on the 
record that we are giving resources to the FBI to have the kind 
of a four-star A-plus-plus watchlist, because it may seem 
insignificant to have thousands of Americans on the list that 
are wrongly named, or five on the list, but any American on the 
list wrongly named is unacceptable.
    So I have a concern that the confusion about the watchlist, 
and I think though you at DHS, let me pointedly suggest that it 
works unfortunately in the direction of the FBI, because what 
the TSA gets, it is in the custodial hands of the FBI.
    People believe, and civilians believe, and airlines 
believe, and the have said it, which they are inappropriate to 
say it, but they have, that someone is on the watchlist.
    James Robinson, an 8-year-old, is on the watchlist. That is 
unfair, untoward, and it does not help the American people. So 
I am a little confused as to what DHS is doing in your shop to 
try to get the most accurate watchlist possible.
    This seems to be the pass the buck situation. You talk to 
the FBI; they are moving paper around. I am not sure what role 
you may play in trying to give the best assistance, though I 
know that you are committed. So you are in the hot seat.
    I am frankly not very happy with what I think is an uneven 
watchlist that then results in what we have to work with for 
Secure Flight, but more importantly results in the misidentity 
of individuals, who innocently come to use the airlines and to 
visit Grandma, to go on a family vacation, to try to make 
deadlines to go to a funeral, and whatever else the airlines 
are used for.
    People miss flights, because they are intimidated by this 
process.
    Meantime, some of the great work that needs to be done to 
secure America is not being done.
    Mr. Kopel.
    Mr. Kopel. Thank you, Madam Chairwoman. First, let me 
explain that although I am a DHS employee, and I work for 
Charlie Allen in information analysis. I am also the No. 2 
person at the Terrorist Screening Center--a direct line.
    Our director is currently an FBI employee. Our previous 
director was a DHS employee. Actually, a senior member of TSA 
was our original director for the first 3 years of the TSC.
    The TSC, when I referenced a multi-agency task force type 
environment, I have about 45--a commitment from DHS for 45--and 
have about between 30 and 40 DHS employees at any time 
permanently assigned to the TSC.
    So it isn't like we really work for the FBI. We work for 
the Terrorist Screening Center and the watchlisting process for 
the USG.
    Ms. Jackson Lee. What you are doing with the watchlist that 
is in the custodial hands of the FBI, and you are dealing with 
a situation where people are on a No-Fly List because they are 
matched against the watchlist--it is very confusing, and it 
doesn't work.
    So tell me what you are doing to clear it up? What are you 
doing to coordinate? I appreciate the coordination and the 
various people that are working in your shop, but what are you 
doing to ensure a cleaned-up watchlist?
    Mr. Kopel. Well, let me start by saying based on some of 
our preliminary audits--and we have had many where we tend to 
think we have live-ins from GAO and the IG working with us 
continuously--but part of that process.
    In March 2006, we initiated some information technology 
changes to our process that allowed us to, or actually requires 
us to, review every nomination that comes to the TSC and review 
the supporting information behind that actual record, so that 
we just don't take a name, and because an originator thought 
there was a reasonable suspicion of a connection to terrorism, 
that doesn't automatically get you on the watchlist.
    It goes through the National Counterterrorism Center. They 
are going to review that nomination, along with all the 
supporting information, whether that comes from the FBI in 
their case management files or whether it is with the CIA in 
the TIDE system.
    So between the difference, they are going to review the 
information, and they are going to say that they believe there 
is also a connection to terrorism, a reasonable suspicion of 
that.
    Then that record is transmitted to the Terrorist Screening 
Center. We have a group of subject matter experts that review 
each and every one of those records to also ensure by looking 
at the supporting information that there is sufficient 
information that a reasonable suspicion can be determined that 
this person may have a connection to terrorism.
    Ms. Jackson Lee. Are you suggesting to me that there is 
your own separate analysis from the separate watchlist that the 
FBI is custodian over?
    Mr. Kopel. The FBI is a custodian of the U.S. Government's 
list, and that list is reviewed at the Terrorist Screening 
Center. We do our own independent review, as does the National 
Counterterrorism Center, and as do the nominating agencies and 
the originators of that information.
    Ms. Jackson Lee. What we might take from that is that there 
are names on it that are names of individuals in the United 
States who are innocent, but that you have done all the 
screening that you could do to assure that if that name is on 
there, there is a basis for such.
    Mr. Kopel. Madam Chairwoman, I believe that almost all the 
names, and we are in the process to finish a complete review of 
the entire database to ensure that every record has been 
reviewed and had that supporting information.
    Ms. Jackson Lee. So we find a gap in that translation to 
the Nation's airlines. As the Chairman said, there are other 
nodes or other agencies that use watchlists, and then it 
captures an 8-year-old by the name of James Robinson.
    Mr. Kopel. Madam Chairwoman, I believe that every name that 
we have on the No-Fly List is appropriately watchlisted for the 
No-Fly List.
    Ms. Jackson Lee. But not an 8-year-old by the name that may 
be the same.
    Mr. Kopel. We supply the airlines with what we believe is 
sufficient information to make some preliminary identification 
from that. Their actual processes would probably be best 
described by TSA on how the airlines evaluate the information 
that is supplied to them.
    Ms. Jackson Lee. Well, let me now--and I thank you for your 
answer. We will just have to have a second round to pursue it.
    But let me now yield to the distinguished gentlelady from 
New York. Congresswoman Clarke.
    Ms. Clarke. Thank you very much, Madam Chairwoman. I want 
to thank you for your labor and commitment to really addressing 
and resolving this issue. I would like to also thank you for 
your support on the FAST Redress Act. It is really at the heart 
of the issue that we are talking about today.
    You know I think it is not really an issue of the names as 
such. It is the misidentification. It is the ability for people 
to be able to feel reassured that our Nation has the capability 
of clearing those who may be misidentified.
    There is a difference between having a terrorist watchlist, 
which we know is a necessity, and having so many false 
positives, if we may.
    So at the end of the day, it is up to us to really come up 
with a system that really enables people to provide to an 
entity all pertinent information required to get them off that 
list.
    If an 8-year-old, who was basically born around the time 
that the incident occurred, can't travel, something is wrong. I 
mean we don't want our airline using discretion to the extent 
that it becomes a vulnerability.
    But when an 8-year-old comes to purchase, or their parent 
comes to purchase a ticket, and they would just basically blow 
a horn like the day before this incident took place, someone 
has got to say I am going to take it upon myself to get this 
child cleared.
    That is where I believe part of the challenge lies for us 
right now--bringing that common sense, the intelligence 
community together to come up with a remedy. I just wanted to 
put that out there, because I think we kind of lose that in the 
conversation about the list.
    It is not the list. I think all Americans are glad that we 
have got that level of intelligence.
    It is the misuse of the list and it is the 
misidentifications of individuals with similar names that has 
become you know a real sticking point for most Americans, 
because after the third incident, it becomes just a violation 
of our humanity. We don't want to continue to experience that.
    Director Hawley, I am appreciative of your comments that 
you have made regarding the FAST Redress Act, and I hope that 
you will express your interest as you interface with our 
colleagues on the other side in the Senate.
    I know that the final rule for Secure Flight is being 
reviewed by OMB. Do you have a sort of a date when you expect 
that the rule would be approved? This is with regard to Secure 
Flight.
    Mr. Hawley. Yes, we are anticipating November is when the 
rule would be cleared and then be made final.
    Ms. Clarke. You think it would be the earlier part of 
November, or the end of November?
    Mr. Hawley. I thought it was going to be in the summer, 
so----
    Ms. Clarke. I got you. I got you. If you had the authority 
to move on implementation today, how ready would you be to put 
the program into place?
    Mr. Hawley. I think today it is a different answer, because 
the certification is done. That is the first step to make sure 
the privacy and security pieces are done, and so having an 
appropriate GAO review of those I think would be the next step 
there.
    But technically, and Mr. Wellen can describe it, the system 
is operational and that part is ready. Our partners need to be 
ready, meaning the airlines need to be ready to give us the 
data. Then the legal authorities have to be there, which is 
something either would come legislatively or by rule.
    Ms. Clarke. With regard to the airlines, because they play 
such a crucial role here, would you say the capacity to stand 
them up in this process in a fairly short period of time, Mr. 
Wellen?
    Mr. Wellen. Yes, ma'am. We have six airlines that have 
expressed a willingness and a desire to be early adapters for 
Secure Flight.
    We encourage other airlines to express a similar desire, 
and that went to my oral statement. But yes, ma'am.
    Ms. Clarke. But Mr. Wellen, let me ask you something. Is 
there anything that we could do to compel all airlines to be a 
part of this process? Because again you know it is also the 
inconsistency amongst the airlines in terms of their protocols 
that has created a part of the problem as well.
    Mr. Wellen. Yes, ma'am. You are absolutely right. The rule 
is what we were using for compulsion.
    Ms. Clarke. Okay.
    Mr. Wellen. But legislation I believe probably could have 
the same authority.
    Ms. Clarke. Okay. Thank you very much.
    I yield back, Madam Chairwoman.
    Ms. Jackson Lee. Let me thank the gentlelady for her 
leadership. I know that we are going to partnership on this 
committee.
    It is our mutual commitment and the commitment of this 
entire committee to get this right, because I don't believe, as 
we honor the dead this coming Thursday, as we all will do, that 
we will have truly honored them if we cannot find a way to do 
what originally was a horrific act of those untoward and evil 
persons getting on the airplane and doing the wrong thing and a 
dangerous thing, and separate them from the travels of 
Americans and others, who are innocent.
    Let me yield for a second round and quickly ask to 
Assistant Secretary Hawley two issues. Since revising the No-
Fly List security directive in April 2008, has TSA observed an 
increase in the number of true matches, meaning passengers 
correctly matched?
    Do you have a way of the air transport industry reporting 
back to the No-Fly List, meaning true matches to the No-Fly 
List? On the other hand, have air carriers reported an increase 
in the number of passengers misidentified as matches to the No-
Fly List, which is what Congresswoman Clarke indicated that 
there is a watchlist, which I believe should be continuously 
surveyed to make sure that it is accurate, but then as that is 
accessed by the appropriate people, are they still doing 
misidentifications?
    Using the term, and I would like you to respond to that, 
``you are on the watchlist,'' which many of our constituents 
come back and tell us that that is what is being said over the 
counter while the grandma is trying to get on the plane or 
while a young Mr. Robinson or military Mr. Robinson or former 
U.S. Attorney Mr. Robinson is trying to get on a plane? So if 
you can share that with us.
    Mr. Hawley. Yes. We have begun to collect the data from the 
airlines as to the number of people going to the counters. So 
we will begin next month having some trend analysis of that.
    But just anecdotally, a number of the airlines were 
experiencing about a thousand people a day coming to the 
counter, and our hope is that as they adopt measures, and we 
working with them, that those numbers will decrease.
    I think it is important to note all the airlines agree with 
all of us in terms of not saying, ``You are on the watchlist.'' 
That is their policy. It is our policy. We all have distributed 
operations where employees are all over the world and sometimes 
say things they shouldn't. So we all have the same interest in 
not saying to somebody, ``You are on a watchlist.''
    Ms. Jackson Lee. But what kind of oversight do we have over 
that? You are right. We do have employees all over the world. I 
am sure they have good intentions. But I can assure you that we 
have heard from individuals, who at a counter in a public 
setting, who were told that you are on a watchlist.
    Mr. Hawley. Yes. We are interested to learn about that, as 
I am sure the airlines are, if there are employees doing that.
    One point I think is very interesting is that from our 
redress, the DHS TRIP, of the people who come to TSA and say, 
``I would like redress,'' 99.75 percent of them are 
misidentification.
    I think Ms. Clarke has it exactly right, that the 
precautions in the process in making sure that the people on 
the watchlist belong on the watchlist, my experience is that is 
done excellently.
    The problem comes in taking those lists and then matching 
the passenger manifest. That is where the problems come in the 
data. As I said, less than a quarter of 1 percent end up being 
about whether they should be on the watchlist. Most are 
misidentified.
    Ms. Jackson Lee. Let me then quickly ask Mr. Kopel. I know 
that we have called him the name of the news anchor, so we will 
try to continue to correct his name, which is Kopel, and we 
appreciate the distinction. But in any event, it is a good 
person to be confused with.
    Let me ask you this. Building on that, there is 
considerable confusion between the terrorist screening database 
and the Selectee and No-Fly List. Please clarify the difference 
between the entire TSCD and the Selectee and No-Fly List, which 
are used by TSA.
    To the greatest extent possible, please discuss the other 
Government agencies that use the TSCD or are provided 
information by the TSCD. If you can quickly answer that, we 
want to move to our second panel. Then I want to ask you a 
redress question.
    Mr. Kopel. Yes, ma'am. The entire watchlist, the terrorist 
screening database, contains all the names and identifiers of 
everyone that the U.S. Government believes has a reasonable 
suspicion of a connection to terrorism.
    Ms. Jackson Lee. Well, it is important to note for the 
American people that the watchlist is legitimate, we should 
have it, and it is not out to attack Americans.
    Mr. Kopel. Absolutely, ma'am. That is why the supporting 
information for every nomination on the list is reviewed at not 
only the TSC, but in multi-layers by multi-agency 
participation.
    Ms. Jackson Lee. All right. Well, when we go to the No-Fly 
List, Selectee, the TSCD, the Selectee No-Fly List.
    Mr. Kopel. Yes, ma'am. The No-Fly and Selectee List have a 
higher level of I guess--the criteria for actually being placed 
on the No-Fly and Selectee List is about two or three notches 
above the reasonable suspicion of a connection to terrorism.
    In both those cases, without getting into the actual 
specifics of the criteria----
    Ms. Jackson Lee. So that is even higher.
    Mr. Kopel. That is higher. Those lists have been what we 
call scrubs, where we will periodically go in and reevaluate, 
pull every record and determine that the information is still 
valid and accurate and that all of those people we believe have 
a potential for a danger to the aircraft.
    Ms. Jackson Lee. So what is the airline counterperson 
looking at, and their computer looking at, when someone comes, 
who, as has been indicated by my colleague, may be 
misidentified?
    Mr. Kopel. There is a subset of the terrorist screening 
database, the No-Fly and Selectee List. The appropriate 
identifying information, Madam Chairwoman, and I can't actually 
say what that this in this forum, but I would be glad to 
discuss that with you in a classified environment.
    Ms. Jackson Lee. We will have you do so. Thank you.
    Mr. Kopel. But at those cases, the airlines are given some 
specific information that should help them make at least a 
preliminary determination whether or not that is a match to the 
No-Fly and Selectee List.
    Ms. Jackson Lee. So when they are speaking to the multiple 
Robinsons, who are innocent----
    Mr. Kopel. Yes, ma'am.
    Ms. Jackson Lee [continuing]. What is it that they are 
supposed to be doing?
    Mr. Kopel. Well, we would believe that they would do a 
preliminary review of the information that they have available 
to them to determine, matching that against the person at the 
counter, whether or not that is the same person.
    Ms. Jackson Lee. Do you believe the information that they 
have has been scrubbed and accurate so they can make a 
determination?
    Mr. Kopel. I believe that the information they have is 
accurate and has been scrubbed. Yes, ma'am.
    Ms. Jackson Lee. Let me indicate that we want to pass the 
legislation of Ms. Clarke, and we are going to be moving and 
working on that. What we hear from constituents--and last 
question to you--one of the chief complaints about the redress 
process is that individuals are never told that their name was 
actually removed from the watchlist. Why can the TSA neither 
confirm or deny an individual's watchlist status?
    Now, this is in the backdrop of recognizing that we are not 
trying to inform terrorists of anything. But what mechanism 
could we use?
    Mr. Kopel. Well, and I think that has been something that 
certainly DHS, as probably the largest user of the watchlist 
between TSA and the U.S. Customs and Border Protection, has 
been struggling with.
    The key to that, though, is from an investigative 
standpoint, if we were to inform an individual they are or not 
on the watchlist, that would be kind of like an open door to 
use a name that they know that they could kind of get through 
the security and skirt the security that has been put in place.
    That is a policy that we have had, and we stand by it. I 
think it worked for us, because there have been times when we 
believe people are phishing, you know, the system to look and 
see if this name is good or they can use this.
    Ms. Jackson Lee. Right. Well, let me indicate that I think 
we are better than a country that is not able to end the 
misidentification. We are also a country that should recognize 
that a scrubbed and clean and effective watchlist is protecting 
all of us. We are going to get to that in this committee.
    Let me thank you for your testimony. We ask----
    Gentlelady, you have another question?
    Let me yield to the gentlelady.
    Ms. Clarke. Thank you, Madam Chairwoman.
    I guess for me--and this question is for Mr. Kopel. It is 
clear to me that there are going to be cases where the name 
does not come off the list. It is the misidentified individual 
that needs to be cleared, because the name remains the same. It 
is just that multiple people have either a similar name or the 
same name.
    So that is really the technicality, because we are asking 
for some of these end up whose name comes off, but we know that 
the name doesn't come off, because the name remains the name of 
a bad actor out there.
    It is the individual that may have a similar or same name 
that has to be cleared. Is there a process for that individual 
that begins to whittle down the pool of individuals that could 
be trapped by having the same or similar name? Because that 
name doesn't come off the list.
    Mr. Kopel. If the name on the list belongs to someone that 
is reasonably suspected of having a nexus to or a connection to 
terrorism, that name is going to remain on the list. Yes, 
ma'am.
    Ms. Clarke. That is right.
    Mr. Kopel. The process for working through that today at 
TSA is the cleared list.
    At Customs it is their primary lookout override system of 
the TSC, when a name is referred to us in our redress program, 
we work closely with both the offices in TSA for redress and 
with Customs and Border Protection to address those, to get 
those names not only to determine whether or not this is not 
the individual, but to help that individual.
    We actually have a process to get that person placed on the 
cleared list and to work with Customs and Border Protection for 
their primary lookout override.
    Ms. Clarke. You create sort of I guess an indicator that 
differentiates that individual with that name versus the 
individual with the name, which is the bad actor.
    Mr. Kopel. Absolutely. For Secure Flight we will really aid 
that for an automated function----
    Ms. Clarke. Okay.
    Mr. Kopel [continuing]. For TSA. For Customs and Border 
Protection, that is a fully automated process that the person 
is not flagged at the customs inspection when they come through 
just wanting a passport. It is automatically overridden, 
because we know that is not the person.
    Ms. Clarke. Okay.
    Mr. Wellen, since DHS started the TRIP program, has there 
been a significant increase in referrals to TSC of potential 
cases for names and records to be removed?
    Mr. Wellen. First, TSA has worked with TSC to do a complete 
scrub.
    I am sorry. Excuse me, ma'am.
    TSA and TSC have worked together to do a complete scrub of 
the No-Fly and the Selectee watchlist. So we have employed that 
process.
    Second of all, the people that have requested redress 
through the DHS TRIP system do go through a process in which it 
is determined that in fact they are not the person on the 
terrorist watchlist.
    That name does go into a cleared list. That cleared list is 
provided daily----
    Ms. Clarke. Can you just stick right there, because you 
said ``that name.'' I think that is where we are having--is 
there another indicator of the difference in the name?
    Mr. Wellen. Yes, ma'am. In addition to the name, there is a 
redress number.
    Ms. Clarke. Okay.
    Mr. Wellen. What happens is this is supplied to the 
airlines daily. It is updated daily. With varying degrees of 
consistency, the airlines apply those names when a person does 
their boarding pass--excuse me.
    Some airlines do it quite well. They made the investment in 
the IT infrastructure to make that happen. Others not so well.
    What the ultimate solution will be is Secure Flight, 
because as part of the process, an automatic process, those 
names will automatically--anybody that is a hit on the match 
would automatically--then the next step is to look. Is there a 
redress number and are they on the cleared list?
    So that is actually built in as an automated piece of the 
Secure Flight engine.
    Ms. Clarke. Thank you.
    Madam Chairwoman, just one final question.
    Last April with the terrorist screening database 
approaching the 1 million record mark, the Terrorist Screening 
Center implemented the Terrorist Encounter Review Process, 
which started in April, to help reduce the number of 
unnecessary records.
    Director Kopel, now that this program has been under way 
for several months, do you have any early results on its level 
of effectiveness? Have many records been flagged for review? If 
so, how many of these have been acted upon and actually removed 
from the system?
    Do you have any statistics available?
    Mr. Kopel. Madam Chairwoman, we do have some statistics. I 
did not bring those with me today, but I can tell you that the 
overall I think success of the program--it is really reaping 
some benefits for everyone.
    What the program does for us is when a person is 
misidentified, that person that has gone through the process I 
think three times, they are automatically referred to our 
redress team for a redress referral of that record.
    If that is determined that they are not the individual, 
which at the time of the redress submittal we know that, then 
we go through the process and we will actually work to get them 
added to the cleared list or the customs list, the primary 
lookout override, without the person ever having to actually 
file a redress complaint.
    Ms. Clarke. I would like to get Ms. Berrick's response, 
Madam Chairwoman. It is a little----
    Ms. Jackson Lee. Yield to the gentlelady.
    Ms. Clarke. Thank you.
    Ms. Berrick. have you looked into the TERP program at all? 
Do you have any thoughts on it? I am sorry--the TSC's TERP 
program.
    Ms. Berrick. No, we haven't looked at that specific 
program.
    If I could, I would like to make a point about the cleared 
list--two points, actually.
    One is that even if an individual goes through the process 
and is added to the cleared list, they still may be 
inconvenienced, because they may not be able to remotely check 
in for their flight. They will have to go to the ticket 
counter, unless the carriers have some other pre-clearance 
system in place.
    So that is point No. 1. Even if you are on a cleared list, 
you may still be inconvenienced is one thing that they need to 
consider.
    The other point just slipped my mind, but I am sure it will 
come back to me.
    Oh, it was that the carrier--we interviewed 14 carriers and 
talked about their use of the cleared list. Actually only 10 of 
the 14 were using the cleared list.
    The reason that they gave was they felt it could identify a 
lot more additional people that would have to come to the 
ticket counter and be cleared, and it caused long lines and 
passenger frustration.
    Now, some of those carriers had alternative clearance 
systems, but not all of the carriers were even using the 
cleared list. So that is why TSA oversight over this process is 
so important.
    Even though Secure Flight is going to begin operations in 
January, that is going to be a phased schedule, so they will 
not be screening all domestic passengers for probably another 
year. After that, they will be screening international 
passengers.
    So in the interim the oversight is very key to make sure 
carriers are following TSA requirements and are using the 
cleared list appropriately.
    Ms. Clarke. Thank you very much, Madam Chairwoman.
    Ms. Jackson Lee. Thank you.
    Our second panel has been enormously patient, and we 
appreciate it very much. I do want to recognize, and ask if she 
wants to ask questions of the first panel, the distinguished 
gentlelady from the District of Columbia.
    Ms. Norton. Thank you, Madam Chairwoman. I want to thank 
you for having this hearing. I stopped by for nothing more than 
to say this.
    I must say just hearing the last few minutes, I am struck 
by whether we ought to give this to some high school nerds, 
because I really do think the notion that we can't figure out 
how to keep from going each time to get another list and going 
to the counter really speaks so poorly of Department of 
Homeland Security that they haven't been able to figure it out, 
that we continue to get complaints.
    I don't think they know how. I think they are thinking 
through how to solve this puzzle. That is what I regard it as. 
It does take more than bureaucrats sitting around saying, 
``Now, how do we do things like this?''
    The way we do things like this is to make sure that this 
person is still the right person. Then we got to create another 
list. That is the kind of bureaucratic thinking that has--you 
may have heard that some of these cleared lists don't even 
exist in some of the airlines.
    But assuming even the airlines that they do exist, surely 
there is some experience around the world that by now we could 
have copied. For example, there--Latin America. I have noted 
all my life how many Latin Americans' names are the same.
    I just wonder if we have looked beyond our shores to see if 
somebody has figured out a way to do this. I don't think it is 
beyond our intellectual capacity, but what I have heard in this 
room, just sitting down here for 5 minutes makes me believe 
that it is beyond the capacity of this agency.
    Have you looked at how other nations, some of which will 
have the same problem, have very large populations, deal with 
this issue of similar names? Or are you talking to yourselves?
    Ms. Jackson Lee. Well, let me ask--I don't want to overstep 
the gentlelady's bounds, and I appreciate if Assistant 
Secretary Hawley----
    If you don't mind, Congresswoman Holmes Norton, if Mr. 
Kopel could answer that. Then we will move to the second panel.
    Ms. Norton. Whoever is qualified to answer.
    Ms. Jackson Lee. Whoever feels competent, but those two 
individuals can jump in and be as pointed as they possibly can.
    Mr. Kopel. Yes, ma'am. One of the missions from the TSC is 
to share terrorist screening information with foreign 
governments.
    We have been very active in going worldwide and meeting 
with many governments, not only to share our terrorist 
watchlist and get information from them, but to learn how they 
use the list, how we can kind of do a build-off of that and how 
they can build off of our system.
    So I think that the answer to your question is that we talk 
to many different countries.
    Ms. Norton. Yes, but I have asked you a very specific 
question. Do countries who also--we are not the only country in 
the world where people have similar names--have they found a 
quick and easy way to do what I think seems to me--again, I am 
serious. Put some nerds together at a table. They will figure 
it out.
    Have any of them found a way to do it without the processes 
that I have described here, and have you sat down with them to 
find that out? Not sharing your list, but how do you do it? How 
long does it take to figure out, to keep coming back, answering 
the questions that you hear from this committee?
    Mr. Hawley. I would like to answer that in the sense that 
we have built the system. One of the things that we said at the 
beginning of the hearing--we had a major announcement that we 
have met the 10 privacy requirements of certification.
    That has occurred from Secretary Chertoff so that the 
privacy piece is in place, the technology is in place, the 
system is built, the matching is done. It is operational, and 
now the next stages are for the authorities to go to require 
the information we need to come in, as well as work with our 
partners so that the airlines can get the information to it.
    So the system is now built. The privacy protections are in 
place. GAO is going to review that over the next 90 days. We 
should be good to go starting in January.
    Ms. Norton. One-stop system?
    Mr. Hawley. One-stop. Yes, ma'am.
    Ms. Norton. I want to thank the gentlelady for what I think 
was an instructive line of thought today. We are going to take 
it one step further. Both of my colleagues have highlighted 
part of the concern that we have.
    One, Mr. Kopel, we are going to have the security briefing 
for our committee so that we can get the oranges and apples 
together. I think that is the concern that I have.
    Certainly a shocking statement by Ms. Berrick that our 
airlines--less of them are using the secured list. I would 
appreciate it if I could get a fuller explanation of that, Ms. 
Berrick, in writing for the committee. It will help us as we 
move forward.
    I am going to ask Assistant Secretary Hawley if he could 
give a response in writing as to what he perceives a fully 
operational Secure Flight will look like, because I am 
concerned that we will now have or should have all the 
participants knowing their obligations.
    Do not give leeway to who can look at a list and who 
doesn't look at a list, because that, if you will, speaks to 
the inconsistencies.
    Our second panel will have representatives from the public 
and as well our technological community and transport to answer 
those questions.
    I would be remiss if I did not thank TSA for meeting their 
certification, and Secretary Chertoff for certifying. I will 
say this one comment, and that is it is important to note--and 
I have mentioned his name before--Drew Griffin, who is a 
reporter for CNN.
    I don't think the answer of calling the inspector general 
of DHS is an answer, which was given by Secretary Chertoff--
maybe well-meaning--that work for those Americans and others 
that are on a list inappropriately to call up the inspector 
general of the DHS.
    So what we have here are the partners--Assistant Secretary 
Hawley, Mr. Wellen, Mr. Kopel, and certainly GAO's Ms. 
Berrick--to get this done. I am going to hopefully leave you 
with the instruction we have to get this done. We will be 
writing legislation.
    I thank this panel very much. I understand there being no 
further questions for our first panel, I thank the witnesses 
for appearing before the subcommittee today for this very 
important hearing.
    Members of the subcommittee may have additional questions 
for you. We ask that you respond to them expeditiously in 
writing.
    We now welcome our second panel to the witness table.
    Again, we thank all of you for your participation.
    Let me welcome our second panel of witnesses. Our first 
witness is Ms. Denise Robinson. Ms. Robinson lives in 
Sunnyvale, California, with her husband and two sons, James and 
Tyler.
    Since 2005, when James was 5 years old, the Robinson family 
has had to deal with the delays and hassles of having a son who 
has been consistently misidentified when traveling.
    Every time the family travels, they have to deal with long 
waits for the ticket counter, or at the ticket counter, close 
calls at missing flights, the inability to use curbside check-
in, and embarrassment.
    Let me note for the record again that Ms. Robinson and her 
son traveled here to Washington, DC, at their own cost. I do 
want to acknowledge as well that even though Ms. Robinson is in 
Sunnyvale, California, she is with strong roots from the great 
State of Texas.
    I am delighted that she has that kind of stamina that comes 
from the great State of Texas. But I think as we listen, my 
colleagues will recognize that the consternation of this 
committee, the commitment to get this right is reflected in a 
young man, who is 8 years old, who has been stupendous by being 
at this hearing starting 2 p.m., and we will reflect what time 
it is now.
    So we are commending Mr. James Robinson, because he has a 
great future in front of him, and it might be that he will be 
sitting in a chairpersonship, if he desires proceeding and 
governing a hearing, as he has been very able in his presence 
here today.
    Our second witness is Ms. Lillie Coney, who is an associate 
director with the Electronic Privacy Information Center. I did 
not construct this to be such, but she also hails from the 
great State of Texas. We thank her for her leadership.
    Additionally, she serves in an advisory capacity to several 
organizations, which include Verified Voting, Accurate Voting 
System Performance Rating, and Open Voting Consortium.
    Our third witness is Mr. John Meenan, who is the executive 
president, chief operating officer of the Air Transport 
Association. Mr. Meenan is responsible for all aspects of ATA 
operations, with a particular focus on technical, safety, 
security, environmental, economic and legal policy issues 
impacting the airline industry.
    Without objection, the witnesses' full statements will be 
inserted in the record. I now ask each witness to summarize his 
or her statement for 5 minutes, beginning with Ms. Robinson.
    We are going to adhere to the rule, and that is that we 
have laid down a compromise that Mr. Robinson at his age will 
communicate through his mom. All of us believe that Mr. 
Robinson--James--could speak for himself, just as he is 
confronted individually as he tries to visit Grandma and others 
when he goes to an airline counter.
    He should be able to address his own grievance and his own 
particular embarrassment, if that is something that occurs to 
the family, but we are going to let Ms. Robinson do so. I hope 
in her statement that she will answer the question--and maybe 
she will consult with James--if he knows what a terrorist 
happens to be.
    So now, however, we recognize Ms. Robinson for 5 minutes, 
with her son, James Robinson, sitting alongside of her. I yield 
to the witness.

         STATEMENT OF DENISE ROBINSON, PRIVATE CITIZEN

    Ms. Robinson. Thank you, Madam Chairwoman. Thank you to the 
committee for the information to come and speak to you today.
    The purpose of my testimony really is to sort of give the 
perspective of a common citizen and dealing with somebody who 
is on the watchlist.
    But before I get to the specifics of our experience, I 
would like to state that I am a strong proponent of the 
watchlist. I believe that in our country we as citizens are 
going to have to accept some inconveniences and be flexible 
with some of the liberties that we have come to expect in order 
to provide the security against terrorism.
    So I am a proponent of it, but I do think that it has been 
mismanaged or not executed to the quality that we in our 
country can do. So I share with you our specific experience 
with James.
    When he was 5, we went to the airport to check in on a 
flight. We were at curbside told that we were not able to check 
in and we must proceed to the ticket counter.
    We did that. The ticket agent took a very long time on the 
phone, on the computer system, not able to answer questions 
that we were asking about why it was taking so long. He kept 
saying, ``I don't know. I mean I can't tell you what is going 
on.'' We kept saying, ``Well, but why is it taking so long?''
    Finally, he would ask, ``Who is James?'' Obviously, we 
pointed to our son. Then he asked, ``How old is he?'' I said, 
``He is 5.'' You know he said, ``I cannot tell you what is 
going on, but I am going to provide you with information, 
printed information that you need to follow.''
    He said, ``I suggest that you follow it for your entire 
family, because I can't tell you any more information.''
    I know there has been a lot of talk today about the 
airlines using the term ``watchlist'' or not. We have never had 
the airlines use the term ``watchlist'' with us over the last 
3\1/2\ years.
    So we were able to make the flight. In hindsight I now know 
that this ticket agent was very confounded with the situation. 
It was probably his first opportunity to come across someone 
who was listed that was so young.
    So anyway, we did make the flight. The printout that he 
gave me was the TSA directions to follow the redress process. I 
did that. It took almost a year to get a response from the TSA.
    I did do the redress process for our entire family. 
However, what was interesting was the only response I got from 
the TSA was a letter for James Robinson. There was no 
communication about any of the other family members.
    Further, the letter was very vague. It stated that a review 
of records was conducted, and where it has been determined that 
a correction to records is warranted, these records have been 
modified. That is very vague from a citizen's perspective.
    To further frustrate me, it said this letter constitutes 
TSA's final agency decision, which is reviewable by a U.S. 
Court of Appeals.
    So you are faced with no further action. I understand that 
the redress process has been revised. I haven't gone through it 
again. But that was our experience.
    So, based on that background, you know my point is that--
and I agree that it can't just be based on the name. The system 
can be a good system, but it can't just be based on the name. 
It has to have other information with it. You know the list is 
only going to grow unless we do something to solve this.
    With James in particular I have encountered this problem on 
every airline. We have frequent flyer programs for him on every 
airline. When I go to the airport, I am the one who approaches 
them and says, ``My son is on the watchlist.'' Then the airline 
then is able to help us manipulate--not manipulate, but get 
through the system, get our boarding passes so that we can get 
on the plane.
    But you know James at his young age is embarrassed by that, 
because all of a sudden he is in the spotlight.
    James, I will ask you now and ask you to answer to me, ``Do 
you know what a terrorist is?''
    His answer is no. He doesn't understand why this problem 
persists with him.
    The other thing that I have done is that I applied for a 
passport for him. When I went through the passport application 
process, I did it with both of my sons. I expected that I would 
have further inquiry in getting James' passport. I did not. I 
used the paperwork. The passport came back.
    Yet when I flew with him yesterday, with his passport, he 
was still on the watchlist. So if we are issuing citizens 
passports without further inquiry, and they are on the 
watchlist, you know it just completely erodes the confidence of 
the citizens in you know the TSA, Homeland Security, 
everything. It erodes our confidence.
    The other thing that has been talked about today is the 
ability to use name variations to circumvent the system. That 
further erodes the confidence, you know because we as citizens 
don't really care, to be honest, whether the watchlist, or the 
application of the watchlist by the airlines--we want the 
system to work.
    That is my expectation is that I am hopeful that this new 
process that will roll out in January 2009 will solve these 
problems and will bring the airlines and the TSA together and 
get all of these extraneous names off the list.
    So, finally, why am I here? I am here for two reasons. 
First, I am obviously here to get my son off the list, whether 
it is the airlines or the TSA, whatever, I want him off the 
list.
    I have been able to manage the process thus far, but as he 
grows up and he begins to travel on his own--it is obvious he 
is not a security threat now, but when he is a teenager or in 
his early 20's and he is traveling on his own domestically, and 
particularly internationally, he could encounter problems. So I 
am here to get him off now.
    The other thing is that, again, I feel very strongly that 
the watchlist is a good tool. I feel very strongly about 
national security for our country. I think we can do a better 
job. Thank you.
    [The statement of Ms. Robinson follows:]
                 Prepared Statement of Denise Robinson
                           September 9, 2008
    Dear Committee Members: Thank you for the invitation to testify 
before your committee on behalf of my son, James Robinson. The purpose 
of this testimony is to highlight key weaknesses, from my perspective, 
in the implementation of the Transportation Safety Administration's 
(TSA) ``Terrorist Watch List''.
    Before I get to the specifics of our situation, I would like to 
state that I am a strong proponent of effective actions by our 
Government to ensure safe travel in the United States. I also believe 
that citizens of this country will have to accept some inconveniences 
and be flexible with some of the liberties that we have come to expect 
in order to gain that additional security. However, I do believe it's 
incumbent on our Government to, very simply, be effective.
    My son, James, has been on the watchlist since 2005 when he was 5 
years old. How do we know this? We know this only through experience 
every time we travel by air. Our first introduction to this situation 
was in 2005 when we were traveling on American Airlines from San 
Francisco to New York JFK Airport to visit his grandmother. Upon 
arriving at curbside check-in, our normal travel procedure, we were 
told by the skycaps that we had to go to the ticket counter to check in 
and receive boarding passes. Once at the ticket counter, the American 
ticket agent spent a significant amount of time on the phone and on the 
computer terminal, so much time that we were concerned about missing 
our flight. When asked what was going on, we were told, ``I can't tell 
you anything''. Obviously, we were concerned. Finally, the ticket agent 
asked which one of us was James and we identified our 5-year old son. 
More time went by on the phone and computer, and he finally asks, ``How 
old is he?'' I replied, ``He's 5''. Growing more concerned, we 
questioned further what the issue was. Again we were told that he could 
not tell us anything but that he would print some information and we 
should follow the directions on that printout for every member of our 
family even though James was the only one he called out specifically.
    The printout included instructions to contact the TSA and provided 
contact information by mail. I contacted the TSA and received a letter 
requesting us to complete the Passenger Identity Verification (PIV) 
form. I completed the forms for all members of our family and mailed 
them to the TSA in April 2005. In February 2006, I received 
communication back from the TSA but it was only one letter addressed to 
James Robinson. There was no communication about the status of the rest 
of the family. The letter to James states that a review of records was 
conducted and ``where it has been determined that a correction to 
records is warranted, these records have been modified . . . ''. To 
date based on our experience at airports, there has been no correction 
to James' records. Additionally, the letter states that ``this letter 
constitutes TSA's final agency decision, which is reviewable by a U.S. 
Court of Appeals . . . ''.
    Based on that background, my main point is, very simply, that the 
watchlist is completely mismanaged. The list is too big and too flawed 
with extraneous names, and the current process for getting off is 
totally ineffective.
    The list only grows. Secretary Chertoff has said that there is a 
``simple solution'' for getting off. In a press conference, Chertoff 
said that ``if the innocent John Smiths provide information such as a 
date of birth to the TSA . . . then when they show identification of 
that date of birth at the airport they are immediately taken out of the 
system''. I provided just that information to the TSA in 2005 and 
provided just that information at the airport; James is still on the 
list. So, if a 5-year old can't get off the watchlist, who can? With 
new people being added to the list and without an effective process for 
getting off, the list is an unwieldy and ineffective tool.
    Divisions of our Government don't cross-reference, creating 
opportunities for the terrorists and frustrations for the rest of us. 
In late 2007, I applied for a U.S. passport for James. The passport was 
issued in January 2008 without any further inquiry, and James remains 
on the watchlist. The irony is clear and perplexing.
    The list is not hard to circumvent. In a CNN investigation about 
the watchlist, which aired on August 19 and included interviews of 
three different James Robinsons including my 8-year-old son, there are 
numerous examples of using variations of the name to avoid the 
watchlist at the airport. For example, one James Robinson who is a 
commercial pilot and licensed to carry a weapon in the cockpit uses Jim 
Robinson to circumvent the hassle. We have used J. Pierce Robinson for 
the same reason. In both cases, just that small change works. Drew 
Griffin, the CNN reporter who is also on the list, has sidestepped the 
list by combining his first and middle name into one. The list is not 
well managed.
    So, why am I here? Why did I take my son out of school and bear the 
expense of traveling to the District of Columbia to testify before you? 
First and foremost for me personally, I am here to get my son, James 
Robinson, off the watchlist. But equally important, I'm here to do my 
part to make it an effective tool in the fight against terrorism. I 
feel very strongly that our country can beat the terrorists. I believe 
that we have the will, resources, intelligence and fortitude in this 
country to prevent them from their main goal, to ruin our way of life. 
I believe the watchlist can be an effective tool if managed; it is 
currently not. I'm hopeful that the new Secure Flight Program that the 
TSA is scheduled to implement in January 2009 will be more effective, 
but I'm not optimistic based on my personal experience.
    Thank you for your invitation to speak before you and your 
consideration of this issue.

    Ms. Jackson Lee. Let me thank you for your testimony. I can 
tell you that you are before a committee that is very strongly 
committed to a cleaned-up watchlist, very strongly committed to 
national security. That is our reason for being.
    So we thank you so very much for your testimony.
    I would now recognize Mr. Meenan.
    I recognize you to summarize your statement for 5 minutes.

STATEMENT OF JOHN M. MEENAN, EXECUTIVE VICE PRESIDENT AND CHIEF 
          OPERATING OFFICER, AIR TRANSPORT ASSOCIATION

    Mr. Meenan. Madam Chairwoman, thank you very much.
    Members, I appreciate the opportunity to appear here today.
    At the outset I would like to say that we certainly regret 
hearing this story, and I know that our managing director of 
security has offered to work with the Robinsons to try to sort 
this out.
    I thought it would be useful to give the committee a 
chronology of what we are dealing with here.
    In October 2001, FAA, and subsequently succeeded by TSA, 
created the first watchlist with just a handful of names that 
were given to the airlines, and we were told not to let them 
board flights. Later in 2001 that morphed into the Selectee 
List, which were people to be handled in a particular process, 
and a No-Fly List.
    At the time the carriers asked for a script as to what they 
should tell these passengers when they arrived, and they were 
respectfully--that request was respectfully declined by FAA and 
TSA. We received no script.
    We also asked how the process should work. They said, ``Use 
your best judgment as to how you design it.''
    The list began to grow through 2002 and 2003. The carriers 
found themselves devoting more and more resources to handling 
these lists largely in a manual process, so they began 
investing in significant changes to their information systems 
to try to automate this.
    Again, that was done based on their own judgment as to how 
that should proceed, using very different information systems 
across the industry. There were no standards provided. So we 
ended up with a variable system that quite honestly in 
hindsight is where the problems really started cropping up.
    Let me be frank with you. The industry economics have not 
contributed to this situation. The fact is that the airlines 
were among the first users of information systems, but to an 
extent we are still using some of those first systems.
    So they are cumbersome. They involve writing of code that 
really isn't done anymore. It is very difficult to find the 
people to do this. It is expensive.
    As we have gone through the process for the last 7 years, 
we get constant requests and requirements from the Government 
that require modification of these systems. All of those go 
into a queue to be taken care of, and honestly, it has not been 
a very neat process.
    It isn't working as smoothly as we would like, and 
obviously, if the economics of the industry were different, we 
think that situation would be handled differently.
    Throughout 2002 and 2003, TSA promised that CAPS II was 
going to come on-line, and it was going to take care of this 
problem. 2003 moved into 2004. CAPS II remained a promise.
    The carriers began receiving frequent modifications of the 
format. The lists that they received from TSA--the formats 
changed, which required constant renovation of the information 
systems, adding further confusion and, honestly, I think 
probably producing some of the problems we are continuing to 
see today.
    You know before CAPS II sort of stopped in its tracks, 
morphed into Secure Flight, that was to be the successor 
system. Again, investments continued to be made, but we were 
awaiting this promise of a Secure Flight system that was going 
to remove this responsibility from the airlines completely and 
put it in the hands of the Government, where they could have 
access to all of the information they need to resolve these 
issues that they can't share with us today.
    So as that process has gone forward, we have done 
everything we can to try to advance it. We are pleased to hear 
from the Government witnesses today that the plans are in place 
to hopefully get that up and running early next year.
    We are doing everything we can to try to expedite that 
process. Obviously, we are looking to this committee for its 
support. We hope that by this time next year that all of these 
issues can be looked at through the rear view mirror, rather 
than coming at us.
    With that, we would be happy to respond to your questions 
in due course.
    [The statement of Mr. Meenan follows:]
                  Prepared Statement of John M. Meenan
                           September 9, 2008
    Thank you, Madame Chairwoman. The Air Transport Association and its 
member airlines welcome the opportunity to appear before you today to 
discuss the critical issues associated with aviation security 
``watchlists.''
    In order to provide the committee with a complete picture, it may 
be helpful to begin with a chronology of the lists during the past 7 
years.
   In October 2001, prior to the creation of the Transportation 
        Security Administration (TSA), the Federal Aviation 
        Administration (FAA) issued the first ``watchlist'' (containing 
        a handful of names) of individuals identified by the FBI. These 
        individuals were not to be allowed to board flights.
   Late in 2001, the list was divided by Security Directive 
        into separate ``No-Fly'' and ``Selectee'' components. As the 
        name implies, No-Fly listees were not to be permitted to board 
        while selectees were to be subject to additional screening. 
        Carrier requests for scripts as to what these individuals 
        should be told were declined, first by the FAA and later by 
        TSA.
   As the lists began to grow in 2002 and 2003, carriers were 
        devoting more and more manpower to this effort. Consequently, 
        many carriers began investing significant resources in 
        information system modifications to automate this process. Two 
        relevant asides are worth mention:
     The carriers were required to use their best judgment in 
            designing those systems, incorporating name variability 
            programs to be certain they found similar names--but 
            without Government guidance or standards. Looking back, 
            problems really began to compound themselves at this point 
            when, absent Government engagement, carriers began to 
            develop highly variable systems, capabilities and 
            procedures.
     Point two, let me be frank: Due to the economics of the 
            airline industry, the legacy information systems we are 
            working with, while reliable, are cumbersome and expensive 
            to modify. They are generally old technology, which adds 
            complexity to the situation. While many carriers would, no 
            doubt, welcome new systems, economic realities control new 
            investment decisions.
   In 2003, many carriers went to work to develop 
        ``preclearance systems''--essentially reviewing each day's 
        anticipated passenger lists against the Government's lists, and 
        pre-resolving any matches to the greatest extent possible. One 
        carrier had approximately 35 full-time employees engaged in 
        this process. Again, as more and more names were added, more 
        efforts were made to automate this process. As a result, 
        carriers incorporated their frequent flyer lists (which 
        provided more detailed identification information) and 
        therefore helped resolve uncertainties. These lists, of course, 
        are highly proprietary and, as a result, being a frequent flyer 
        on one carrier does not help clear a passenger traveling on 
        another airline.
   Throughout 2002 and 2003, TSA indicated that its Computer 
        Assisted Passenger Pre-Screening program (CAPPS II) was moving 
        forward and would soon replace the carrier programs with a TSA 
        risk-assessment and passenger-authentication program.
   As 2003 moved on to 2004, CAPPS II remained a promise. At 
        the same time, TSA began modifying procedures and list formats, 
        usually without industry consultation, resulting in frequent 
        and redundant reprogramming in order to enable the loading of 
        the modified lists.
   By 2004, CAPPS II had morphed into the newly promised Secure 
        Flight--and TSA's renewed commitment to take over the watchlist 
        matching function. The carriers have made every effort to 
        support this initiative, noting only their concern that Secure 
        Flight be thoroughly vetted and tested to avoid further 
        complications.
   Throughout this period, the lists had continued to grow--the 
        No-Fly and Selectee lists alone exceeded 145,000 names. Added 
        to that, we now have a so-called ``cleared list,'' which TSA 
        developed to respond to passengers who had been inconvenienced. 
        Unfortunately again, with wide variations among carrier's 
        processing capabilities, passenger delays were inevitable. 
        Given of the absence of TSA/industry consultation, the 
        investments to develop robust carrier preclearance systems, the 
        cleared list are next to useless.
   Over the past 7 years we have worked with no fewer than 
        five--TSA CAPPS II/Secure Flight program directors. Carriers 
        have, as for 2007 (the last time we updated the data) spent 
        some $44 million maintaining, developing and operating 
        screening systems. (We acknowledge this figure is imprecise, 
        since these expenses are not tracked more closely.) We have 
        participated in numerous teleconferences and provided personnel 
        for literally dozens of meeting with the TSA, particularly 
        seeking to advance first, CAPPS II, and then Secure Flight.
    I am pleased to report that in recent months, TSA and airlines have 
been working closely to further reduce the number of passengers 
misidentified through the Watch List process. We know this is a 
difficult assignment for the TSA and for the airlines--and we are 
committed to ensuring that it is effective. The Department of Homeland 
Security (DHS) and TSA have now provided more detailed guidance as to 
functional system requirements; carriers have been authorized to 
incorporate date of birth information into their records to help 
address misidentifications; carriers have also redoubled their efforts 
to encourage customers to join their frequent flyer programs--which, 
for the most part, provides the optimal use of existing technology to 
avoid misidentification; TSA has provided a script for carrier use to 
advise passengers why they may not be able to check in on-line or at a 
kiosk. Taken together these initiatives should help to further reduce 
passenger inconvenience.
    We know too that TSA plans to begin to roll out Secure Flight, 
which may ultimately resolve the problem of watchlist misidentification 
by early 2009. We are fully supportive of this effort--subject only to 
the caveat that it be fully vetted prior to implementation to assure 
that passenger pre-screening is truly improved. We urge this 
committee's full and active engagement in the development and 
deployment of Secure Flight and thank you for the opportunity to appear 
today.

    Ms. Jackson Lee. Mr. Meenan, I thank you for your 
testimony.
    I would now like to yield 5 minutes to Ms. Coney----

   STATEMENT OF LILLIE CONEY, ASSOCIATE DIRECTOR, ELECTRONIC 
                   PRIVACY INFORMATION CENTER

    Ms. Coney. Thank you, Congresswoman.
    Ms. Jackson Lee [continuing]. To summarize her statement.
    Ms. Coney. Congresswoman Jackson Lee, Ranking Member Daniel 
Lungren, Congresswoman Norton and Congresswoman Clarke, thank 
you for the opportunity to appear before you today.
    EPIC is a nonpartisan public interest research organization 
established in 1994 to focus public attention on emerging civil 
liberties issues. We are very pleased that the committee is 
holding this hearing on ensuring America's security, cleaning 
up the Nation's watchlist.
    There are three primary problems with the security 
watchlist. First, the databases in the system are not subject 
to the full safeguards of the Privacy Act of 1974. The 
Transportation Security Administration has sought wide-ranging 
exemptions from the record system, and private companies 
engaged by the agency are not subject to the Privacy Act.
    As a result, legal safeguards that help ensure accuracy and 
accountability and other Federal databases are absent from the 
watchlist system.
    Second, the security watchlist on which the system is based 
are riddled with inaccurate and obsolete data. In September 
2005 documents obtained by EPIC under the Freedom of 
Information Act revealed travelers' struggles with watchlist 
errors.
    The situation has not changed materially, and recently 
continues to reveal more incidents of false positives and 
harrowing experiences of legitimate travelers.
    Third, the existence of the Registered Traveler Program may 
become a textbook example of security failure.
    The Privacy Act requires that data collected should be 
limited to only what is relevant and necessary. However, the 
TRIP program does not perform a critical process to determine 
if the collection of information is necessary.
    Second, the data collected should be specific to the kind 
of problem the traveler may have experienced.
    Third, the information collected must only be used to 
resolve the problem. TRIP does not distinguish between frequent 
air travelers and infrequent air travelers. All air traveler 
travel experiences are not equal.
    Some, like Members of Congress, may travel on average 30 or 
40 weeks out of the year. Very infrequent air travelers may 
travel once over several years.
    One of the principal protections offered by the Privacy Act 
and Fair Information Practices is transparency. Transparency is 
a key component of a functioning, healthy democracy.
    Efforts to provide due process by DHS must remove ambiguity 
that may currently exist in the minds of agency administrators 
regarding their obligation to make public information related 
to watchlists and prohibitions on travel.
    The FBI Terrorist Screening Center manages watchlists used 
by DHS to screen air travelers. The inspector general of the 
U.S. Department of Justice found that the Terrorist Screening 
Center is relying on two interconnected versions of the 
watchlist database.
    The inspector general found that the methodology adopted by 
the FBI to nominate new names as flawed. The inspector general 
concluded that this procedure resulted in the TSC being unable 
to ensure that consistent, accurate and complete terrorist 
information is disseminated to frontline screening agents in a 
timely manner.
    Further, there must also be a clear statutory definition of 
the words ``terrorism'' and ``terrorists,'' as well as the 
phrase ``terrorist organization.'' Without clear definitions, 
these designations could be misused, such as in the past, when 
the word ``subversive'' was used to justify actions taken 
against some civil rights activists, civil liberties groups and 
others who engaged in lawful pursuit.
    In order to ensure American air travel security, the 
watchlist must not only be cleaned up of errors. The Government 
must also ensure that an inaccurate data is not entered into 
the database in the first place.
    Further, it must be transparent to the general public by 
providing information on the existence of watchlists, 
disclosing the penalties for being listed, publicizing the 
redress procedure, ensuring effective due process rights for 
travelers, and cleaning up the appeals process for agency 
decisions.
    Finally, each traveler denied the right to travel should 
have access to the courts. It is our hope that the work set 
forth by this committee will lead to a more just, fair, 
privacy-centric and transparent watchlist program.
    Thank you.
    [The statement of Ms. Coney follows:]
                   Prepared Statement of Lillie Coney
                           September 9, 2008
    Chairwoman Sheila Jackson Lee and Ranking Member Daniel E. Lungren, 
thank you for the opportunity to appear before you today. My name is 
Lillie Coney and I am Associate Director of the Electronic Privacy 
Information Center in Washington, DC. EPIC is a non-partisan public 
interest research organization established in 1994 to focus public 
attention on emerging civil liberties issues. We are very pleased that 
the committee is holding this hearing on ``Ensuring America's Security: 
Cleaning Up the Nation's Watchlists.'' The watchlist program is 
dysfunctional because it is a black box system. Information goes into 
the process, but not very much escapes, including when errors are made. 
Poor list creation and management not only cost taxpayers money, they 
may also deny individuals a fundamental constitutional right to 
travel.\1\ I ask that my complete statement and our summary of the on-
going problems with watchlist errors be entered into the hearing 
record.
---------------------------------------------------------------------------
    \1\ Saenz v. Roe, 526 U.S. 489 (1999).
---------------------------------------------------------------------------
    In my statement today, I wish to call your attention to three 
primary problems with the security watchlists. First, the databases in 
the system are not subject to the full safeguards of the Privacy Act of 
1974,\2\ as the Transportation Security Administration (TSA) has sought 
wide-ranging exemptions for the record system and private companies 
engaged by the agency are not subject to the Privacy Act.\3\ As a 
result, legal safeguards that help ensure accuracy and accountability 
in other databases are absent from the watchlist system.
---------------------------------------------------------------------------
    \2\ 28 CFR  16.96(r)(1).
    \3\ Privacy Act Amendments 2005, EPIC, available at http://
epic.org/privacy/laws/privacy_act.html.
---------------------------------------------------------------------------
    The second flaw of the program aggravates the issue further--the 
security watchlists on which the system is based are riddled with 
inaccurate and obsolete data.\4\ In September 2005, documents obtained 
by EPIC under the Freedom of Information Act revealed travelers' 
struggles with watchlist errors.\5\ The situation has not changed 
materially and recent news continues to reveal more incidents of false 
positives and harrowing experiences of legitimate travelers.\6\
---------------------------------------------------------------------------
    \4\ Watchlist FOIA Documents, available at http://epic.org/privacy/
airtravel/foia/watchlist_foia_analysis.html/.
    \5\ EPIC FOIA Notes No. 8, available at http://epic.org/foia_notes/
note8.html/.
    \6\ Drew Griffin and Kathleen Johnston, ``Airline captain, lawyer, 
child on terror `watchlist' '', CNN, Aug. 19, 2008 available at http://
www.cnn.com/2008/US/08/19/tsa.watch.list/. See also ``Formal calls for 
probe into reporter's name on no-fly list'', CNN, July 17, 2008 
available at http://www.cnn.com/2008/US/07/17/watchlist.chertoff/
index.html.
---------------------------------------------------------------------------
    Third, the existence of the Registered Traveler program may become 
a textbook example of ``Security Theater.''\7\ Further, the approach is 
triggering typical hallmarks of ``mission creep''--the databases of 
personal information collected by private sector companies will be used 
for purposes other than originally intended--aviation security. The TSA 
has outsourced the vetting of bona fide air-travelers to Verified 
Identity Pass, Inc. (Verified ID), a privately held company running The 
Clear Registered Traveler program (Clear).
---------------------------------------------------------------------------
    \7\ Bruce Schneier, ``The Feeling and Reality of Security'', Apr. 
8, 2008 at http://www.schneier.com/blog/archives/2008/04/
the_feeling_and_1.html (describing security countermeasures intended to 
provide the feeling of improved security while doing little or nothing 
to actually improve security).
---------------------------------------------------------------------------
    For a year, San Francisco air travelers have been offered the 
option of enrollment in the Clear Registered Traveler Program at a cost 
of $128. Those who registered were given a biometric ID card that could 
be used to bypass regular security lines. In August of this year, 
Verified ID reported the theft of a laptop containing registration 
information from its San Francisco office. The agency is now 
prohibiting Verified ID from registering new customers into the 
Registered Traveler program. Registered traveler schemes are all 
vulnerable to several serious flaws, including the example presented in 
this news item. Travelers who registered for the program may find 
themselves waiting in lines once again. Later, it was reported that the 
laptop was returned to the office it was stolen from.\8\
---------------------------------------------------------------------------
    \8\ ``Laptop with traveler info likely stolen, returned,'' Marcus 
Wholsen, Business Week, August 2008, available at http://
www.businessweek.com/ap/financialnews/D92GO1A00.htm.
---------------------------------------------------------------------------
    In order to ensure America's air travel security, the watchlist 
must not only be cleaned up of errors, the Government must also ensure 
that inaccurate data is not entered into the database in the first 
place. Further, it must be transparent to the general public by: 
providing information on the existence of the watchlists; disclosing 
the penalties for being listed; publicizing the redress procedures; 
ensuring effective due process rights for travelers, and cleaning up 
the appeals process for agency decisions. Finally, each traveler denied 
the right to travel should have access to the courts.
                          the privacy act 1974
    The protection of privacy is hardly a new problem. An 1890 journal 
article written by American lawyers Samuel Warren and Louis Brandies 
entitled the ``Right to Privacy,'' captured the attention of law 
scholars, legislators, and the public. This law journal article has 
been cited and debated for over a century, and has guided the 
establishment of laws and international norms that restrain the power 
of technology and human curiosity to encroach on an individual's 
``right to be let alone.''\9\
---------------------------------------------------------------------------
    \9\ Samuel Warren & Louis Brandies, The Right to Privacy, 4 Harvard 
Law Review 193 (1890).
---------------------------------------------------------------------------
    In 1948, the right of privacy found a place in international law 
through its adoption into the Universal Declaration of Human 
Rights.\10\ Article 12 states:
---------------------------------------------------------------------------
    \10\ Universal Declaration of Human Rights, adopted and proclaimed 
by General Assembly resolution 217 A(III) on December 10, 1948, 
available at http://www.un.org/Overview/rights.html.

No one shall be subjected to arbitrary interference with his privacy, 
family, home or correspondence, nor to attacks upon his honour and 
reputation. Everyone has the right to the protection of the law against 
---------------------------------------------------------------------------
such interference or attacks.

    The ``Digital Information Age,'' ushered in a much-needed expansion 
of the fundamental human right of privacy. During the 1960s and 1970s, 
interest in the protection of privacy rights increased with the arrival 
of the information technology revolution. Congress in its wisdom acted 
not in the wake of disaster, but prospectively to address the real 
threats posed by powerful computer systems. The Federal Privacy Act 
established the right of citizens to be free from Government abuse and 
misuse of personal information, and the right to be informed of the 
actions taken by the Federal Government on their behalf.
    The Privacy Act of 1974 was passed in response to concerns about 
how the creation and use of computerized databases might impact 
individuals' privacy rights. However, its scope was limited to Federal 
Government agencies. It safeguards privacy of Federal Government-held 
records through the creation of four procedural and substantive rights 
in personal data. First, the Privacy Act requires Government agencies 
to show an individual any records kept on him or her. Second, it 
requires agencies to follow certain principles, called ``fair 
information practices,'' when gathering and handling personal data.\11\ 
Third, it places restrictions on how agencies can share an individual's 
data with other people and agencies. Fourth and finally, it allows 
individuals to sue the Government for violating the provisions of the 
Act.
---------------------------------------------------------------------------
    \11\ Fair Information Practices, EPIC, http://epic.org/privacy/
consumer/code_fair_info.html.
---------------------------------------------------------------------------
    There are, however, several exceptions to the Privacy Act. For 
example, Government agencies that are engaged in law enforcement can 
excuse themselves from the Act's rules. Agencies have also circumvented 
information sharing rules by exploiting a ``routine use'' exemption. In 
addition, the Act applies only to certain Federal Government agencies 
(except for Section 7's limits on the Social Security Number (SSN) that 
applies to Federal, State, and local governments). Aside from Section 
7, the Privacy Act does not cover State and local governments, though 
individual States may have their own laws regarding record keeping on 
individuals.
    In August 2007, The Department of Homeland Security published in 
the Federal Register its ``Privacy Act of 1974; Implementation of 
Exemptions; Security Flight Records''.\12\ The Federal Register notice 
states that the agency is claiming the exemption agency conduct under 
the Privacy Act, which include the statue's core privacy protections. 
DHS is exempting itself from Privacy Act requirements that its records 
on individuals are accurate; that the data collect is limited to only 
information that is relevant, and that U.S. citizens be afforded due 
process rights to appeal agency decisions.
---------------------------------------------------------------------------
    \12\ Federal Register, Department of Homeland Security, TSA 49 CFR 
Part 1507, Privacy Act of 1974: Implementation of Exemptions; Secure 
Flight Records, pg. 48397-48400, August 23, 2007, available at http://
edocket.access.gpo.gov/2007/E7-15963.htm.
---------------------------------------------------------------------------
    The agency message on privacy for those visiting the TRIP web site 
is published on a page titled ``DHS TRIP and Your Privacy.'' The 
information provided does not disclose that the agency is claiming a 
wide range of exemptions from the Privacy Act. It states:\13\
---------------------------------------------------------------------------
    \13\ Department of Homeland Security, How to Use DHS TRIP, Section: 
DHS TRIP and Your Privacy, available at http://www.dhs.gov/xtrvlsec/
programs/gc_1169826536380.shtm.

The Department of Homeland Security safeguards the privacy of any 
personal information that you provide in your inquiry to DHS TRIP. This 
information will be protected and will only be shared in accordance 
with the provisions of the Privacy Act of 1974 (5 U.S.C.  552a) and as 
---------------------------------------------------------------------------
provided in the Privacy Impact Assessment published for DHS TRIP.

There is a fundamental failure to adhere to the Privacy Act in the 
current system used by the DHS's online Traveler Redress Inquiry 
Program (TRIP). TRIP is a one-stop voluntary program to provide a means 
for individuals to request redress who believe they have been: (1) 
Denied or delayed boarding transportation due to DHS screening 
programs; (2) denied or delayed entry into or departure from the United 
States at a port of entry; or, (3) identified for additional 
(secondary) screening at our Nation's transportation facilities, 
including airports and seaports.\14\
---------------------------------------------------------------------------
    \14\ Transportation Security Administration, Department of Homeland 
Security, DHS Traveler Redress Inquiry Program (DHS TRIP), Contact: 
James Kennedy, January 18, 2007.
---------------------------------------------------------------------------
    First, the Privacy Act requires that data collection be limited to 
only what is ``relevant and necessary.'' However, the TRIP program does 
not perform a critical process to determine if the collection of 
information is necessary.\15\ Second, the data collected should be 
specific to the kind of problem the traveler may have experienced. 
Third, the information collected must only be used to resolve the 
problem. Once the travel issue is identified, and if necessary 
investigated data not needed should be discarded from the system. TRIP 
does not distinguish between frequent travelers and infrequent 
travelers. All air travel experiences are not equal--some like Members 
of Congress may travel on average 30-40 weeks out of the year. Very 
infrequent air travelers may travel once over several years.
---------------------------------------------------------------------------
    \15\ Lillie Coney, This Testimony, Attachment A, House Committee on 
Homeland Security, Subcommittee on Transportation, Security, and 
Infrastructure Protection, September 9, 2008, also see: http://
www.dhs.gov/xtrvlsec/programs/gc_1169673653081.shtm.
---------------------------------------------------------------------------
    Prior to collecting personally identifiable information from 
travelers DHS's TRIP process should first separate the subjective from 
objective travel experience of the respondent. Second, there are 
several points in airport traveler processing that passengers may 
experience problems: the ticket counter or ticket kiosk, the security 
screening to enter gate areas, and the boarding process to enter a 
airplane. A series of questions could help navigate inquiries to 
relevant information such as why repeated request to re-enter a 
magnetometer might happen, why fluid containers above a certain size 
will prompt secondary screening, why laptops left in carry-on luggage 
will promote a secondary screening process.
    There is no link on the DHS homepage to the One-Stop Travelers' 
Redress web page. Further the on-line process does include an automated 
routing method to guide the respondent through the process. The program 
page has three options ``Should I Use DHS TRIP,'' ``How to use DHS 
TRIP'' and ``After your inquiry.''\16\ The actual on-line application 
starts with a series of questions that include ``Do you feel you were 
discriminated against; Do you believe that the U.S. Government's record 
of your personal information is inaccurate; You were unfairly detained; 
You could not print a boarding pass; You were delayed or detained; You 
were told: your fingerprints were incorrect, your photo did not match, 
your information was incomplete or inaccurate, you are on a No-Fly 
list; You want to amend a travel record or Ensure your biometric record 
created by US-VISIT is removed.''\17\
---------------------------------------------------------------------------
    \16\ Department of Homeland Security, One-Stop Travelers' Redress, 
available at http://www.dhs.gov/xtrvlsec/programs/
gc_1169673653081.shtm.
    \17\ Department of Homeland Security, Traveler Inquiry Form, 
available at http://www.dhs.gov/xlibrary/assets/
DHSTRIP_Traveler_Inquiry_Form.pdf.
---------------------------------------------------------------------------
    The series of questions conflates the US-VISIT process with the 
typical U.S. citizen's experience with domestic air travel. The United 
States Visitor and Immigrant Status Indicator Technology (US-VISIT) is 
an integrated Government-wide program intended to improve the Nation's 
capability to collect information about foreign nationals who travel to 
the United States, as well as control the pre-entry, entry, status, and 
exit of these travelers. The US-VISIT system of data collection does 
not include U.S. citizens. If DHS has access to biometric data on U.S. 
citizens, or dossiers then that should be disclosed to Congress and to 
the traveling public. In any case it is important that to convey 
incorrect information to travelers by conflating the two programs and 
to appropriately eliminate respondents from the data collection process 
based on objective negative travel experiences. [Footnote exhibit]
                dhs must increase watchlist transparency
    One of the principle protections offered by the Privacy Act and 
fair information practices is transparency. Transparency is a key 
component of a functioning healthy democracy. It can be translated into 
public policy decisions that allow citizens, policymakers, and the 
media to assure themselves that a local, State or Federal Government 
agency is functioning as intended.\18\
---------------------------------------------------------------------------
    \18\ EPIC, Litigation Under the Federal Open Government Laws (FOIA) 
2006, web page, available at http://www.epic.org/bookstore/foia2006/.
---------------------------------------------------------------------------
    Efforts to provide due process by DHS must remove ambiguity that 
may currently exist in the minds of agency administrators regarding 
their obligations to make public information related to watchlists and 
prohibitions on travel. EPIC filed a court challenge to an attempt by 
the Transportation Security Administration to withhold a Privacy Impact 
Assessment from the public, which was in violation of Federal law.\19\ 
EPIC requested the Privacy Impact Assessments from the TSA under the 
Freedom of Information Act, and received heavily redacted documents 
from the agency in its reply.\20\ EPIC sued the agency for full 
disclosure of the documents as required by the E-Government Act. The 
TSA argued that the Federal Privacy Act and the E-Government Act, which 
requires publication of Privacy Impact Assessments, were segregated.
---------------------------------------------------------------------------
    \19\ EPIC v. US Transportation Security Administration, Civil 
Action No. 03-1846 (CKK), available at http://www.epic.org/privacy/
airtravel/pia_order.pdf, August 2, 2004.
    \20\ EPIC, Alert e-Newsletter, Volume 11.18, available at http://
legalminds.lp.findlaw.com/list/epic-news/msg00164.html, September 24, 
2004.
---------------------------------------------------------------------------
                            watchlist errors
    The watchlists are comprised of entries derived from multiple 
sources.\21\ However, as the process of compiling the lists is unknown, 
methods of quality control at this stage are unclear and unknown. 
Senators Ted Kennedy and Don Young, for instance, have both been 
improperly placed on the lists in error. Catherine Stevens, wife of 
Alaska Sen. Ted Stevens have also faced difficulties.
---------------------------------------------------------------------------
    \21\ ``Follow-up Audit of the Terrorist Screening Center'' Audit 
Report 07-41, Sept. 2007, U.S. Dept. of Justice, Office of the 
Inspector General, Audit Division available at http://www.usdoj.gov/
oig/reports/FBI/a0741/final.pdf.
---------------------------------------------------------------------------
    The Inspector General of the U.S. Dept. of Justice found that the 
Terrorist Screening Center (``TSC'') is relying on two interconnected 
versions of the watchlist database. As a result, not only were names 
missing from the frontline personnels' computers, but also the numbers 
of duplicate records have significantly increased since the last 
review.\22\ Further, the TSC had not taken adequate steps to ensure 
that the content of the two databases was identical. In brief, the 
Inspector General found that the methodology adopted by the FBI to 
nominate new names was flawed.\23\ The Inspector General concluded that 
this procedure resulted in the TSC being ``unable to ensure that 
consistent, accurate, and complete terrorist information is 
disseminated to frontline screening agents in a timely manner. 
Moreover, the TSC determined that the Terrorist Screening Database 
contained over 2,000 watchlist records that did not belong in the 
database''\24\ in the first place and included some records that were 
inappropriately maintained without any watchlist designation.\25\ The 
Inspector General's report details deterioration in the quality of the 
database arising from and perpetuated by the fact that the database 
grew from 150,000 in April 2004 to 724,442 in April 2007. With such a 
high rate of increase, and poor algorithms, the record-by-record review 
could not be completed within the time frame.\26\
---------------------------------------------------------------------------
    \22\ Id.
    \23\ Id at page 12.
    \24\ Id.
    \25\ Id. at page 13.
    \26\ Id. at page 41.
---------------------------------------------------------------------------
    Even with such official reports, the database continues to be 
plagued with problems. The United States Government Accountability 
Office also concluded that ``lacking clearly articulable principles, 
milestones, and outcome measures, the federal government is not easily 
able to provide accountability and have a basis for monitoring to 
ensure (1) the intended goals for, and expected results of, terrorist 
screening are being achieved and (2) use of the list is consistent with 
privacy and civil liberties.''\27\ In recent glaring examples, a 
lawyer, an airline captain and a child were found to be on the terror 
watchlist.\28\ In another case, an investigative reporter for CNN found 
his name on the TSA watchlist after he completed his investigation of 
the TSA.\29\
---------------------------------------------------------------------------
    \27\ United States Government Accountability Office, ``TERRORIST 
WATCHLIST SCREENING: Opportunities Exist to Enhance Management 
Oversight, Reduce Vulnerabilities in Agency Screening Processes, and 
Expand Use of the List'', Oct. 2007, available http://www.gao.gov/
new.items/d08110.pdf.
    \28\ See supra note 5.
    \29\ ``Formal calls for probe into reporter's name on no-fly 
list'', CNN, July 17, 2008 available at http://www.cnn.com/2008/US/07/
17/watchlist.chertoff/index.html.
---------------------------------------------------------------------------
    There must be a clear statutory definition of the words 
``terrorism,'' and ``terrorist,'' as well as the phrase ``terrorist 
organization.''\30\ Without clear definitions, these designations could 
be misused, such as in the past when the word ``subversive'' was used 
to justify actions taken against some civil rights activists, civil 
liberty groups and others who were engaged in lawful pursuits. 
Currently, each agency uses its own definitions for these terms, which 
means a moving bar exists for inclusion of names on watchlists.
---------------------------------------------------------------------------
    \30\ GAO, Terrorist Watchlist Screening, GAO-08110, October 2007.
---------------------------------------------------------------------------
    It is therefore respectfully urged that methods of nomination of 
names into the database be scrutinized, people be given further 
information about the processes involved instead of filling out lengthy 
questionnaires providing personal information, and additional steps be 
taken to ensure the information in the database is accurate, timely and 
amenable to correction.
                            recommendations
   DHS should employ the expertise of a human factors expert to 
        revamp the TRIP query process to help eliminate the data 
        collection process to only those affected by watchlist issues.
   The agency should be prohibited from exempting itself from 
        Privacy Act enforcement obligations.
   The process for citizens and non-citizens should be clear 
        and governed by a series of questions. The information 
        presented should make it clear if it is intended for a citizen 
        or non-citizen. The information collected should only apply to 
        that category.
   Respondents should be told their rights and protections 
        afforded to them.
   Over-collection of data should be prohibited.
   Agency personnel, airlines, and contractors should be held 
        accountable by Privacy Act civil and criminal penalties or held 
        to contract obligations with the equivalent effect.
                               conclusion
    It is necessary to first analyze at what points travelers are 
stopped by the watchlist. The first point of interaction is at the 
check-in or obtaining of a boarding pass. If the passenger is on the 
so-called ``Selectee'' list, she will be subjected to additional 
screening. However, the collection of a ticket or boarding pass may be 
disassociated with the actual screening process. The next point where 
her identification is checked is at the entry to the security screening 
area. Boarding passes are taken or checked at the gate prior to 
boarding. When a traveler experiences difficulty in the airport 
screening, baggage check-in, security screening, or during the flight 
boarding process, it is important to differentiate between something 
they are asked to do that is different from other passengers. Further, 
it is vital that all other possible explanations for the different 
treatment be eliminated before asking the respondent for personally 
identifiable information.
    It is our hope that the work set forth by this committee will lead 
to a more just, fair, privacy centric, and transparent watchlist 
program.
    Thank you.

    Ms. Jackson Lee. Let me thank our witnesses for framing 
this question for the second panel. I will yield myself 5 
minutes to begin the questioning.
    I want to thank Congresswoman Eleanor Holmes Norton for her 
contribution to this important discussion.
    It is not difficult to in this instance give the challenges 
and not providing the solution. I am very glad that Ms. 
Robinson made it very clear that she has flown across the 
country, wanting to reaffirm her commitment to the security of 
this Nation.
    I am glad to hear that from just as she said, as we have 
described her, a public citizen, a citizen of America, and that 
she agrees with the concept, if you will, of a watchlist that 
works.
    I thank Ms. Clarke for her service.
    But at the same time she asks the question: Why we can't 
get it right? So I am going to allow you, and I would like you 
to really espouse and feel free to recall some pointed 
incidences that in your testimony you were not able to detail. 
Do it in the framework that we have highlighted, that we are 
talking about misidentity.
    So we have a watchlist, and I, certainly in a secured 
briefing, will ask the hard questions and making sure that is a 
scrubbed watchlist, meaning that it is accurate from that 
perspective.
    But we have had the media bring to our attention three 
James Robinsons with impeccable credentials, to our knowledge, 
from the United States military, Department of Justice, and I 
can't imagine that that does not fit James Robinson, who is 8 
years old.
    So what happens is that we have misidentification. I am 
glad that we have not had someone indicate he is on the 
watchlist, but you have also had them indicate silence or 
inability to explain your situation.
    Would you share with us, maybe in a little bit more detail, 
the breadth and depth of embarrassment or confusion or delay 
that comes about that really needs to push this committee and 
our good friends in the airline industry to work together to 
find a solution?
    We could be here 5 years from now, speaking about the same 
issue. Why? Because 9/11 will keep us in this mode. We are in a 
new sphere, a new era of American history and culture. That is 
all right. We are Americans. We know how to deal with it.
    But the question is, tell us what is really confronting 
Americans who confront this on a regular basis.
    Ms. Robinson. Thank you. I would be happy to. So again, our 
experiences when we go to the airport, you know we are faced 
with having to go to the ticket counter, stand in the lines. At 
the ticket counter, we are there for a long period of time. 
They are searching.
    You know we all have to show identification. I don't always 
have identification for the children. I don't typically travel 
with their birth certificates. Sometimes the children are 
questioned about what their name is, who they are, et cetera.
    You know that is embarrassing for them, because that is not 
typical. It is also you know they will ask them how old they 
are, what their birthrate is, et cetera. It just puts them on 
the spot in a situation where, when they are so young, they 
don't need to be put in a spotlight like that.
    Then you know this process at the ticker counter can take 
30 minutes, 45 minutes, et cetera.
    Even if we arrive at the airport early, which we do, 
because travel with this situation is always uncertain you 
know. Given the length of security lines, et cetera, and not 
knowing which airline is going to respond in what way. It is 
just very stressful to travel. It is very stressful, whether we 
are actually going to make the flight or not.
    I just think that these situations are unnecessary. As I 
have said before, I have used variations of his name in order 
to try to circumvent it so that it is not so stressful to 
travel.
    We have, you know, hesitated taking trips because of this, 
which I think is sort of a sad commentary on the security of 
our Nation that you know, because in that way we are altering 
our lifestyle, which is exactly what the terrorists want us to 
do.
    So you know it is these sorts of experiences that we 
encounter when we travel that I think are unnecessary.
    Ms. Jackson Lee. While we are going to other questions, I 
am going to ask you to consult with James if he can in his own 
words tell us--does he know why he is here? If he in his own 
words can share any thoughts--in his own words meaning through 
you--so that we have a reflection of him, because he has been, 
as I said, I know this is going to late hours, but we want to 
make sure that we can hear from him, if you can explain to him, 
and I know that you can, as we go on to the other witnesses.
    So thank you for your testimony.
    Mr. Meenan, let me ask you a question. What are some of the 
impacts of air carriers using different watchlist matching 
systems to pre-screen passengers?
    Mr. Meenan. It has led to a lot of inconsistency in the 
system. Just within the last few months, however, a lot of 
changes have been made. We have now gotten much more detailed 
guidance from the TSA as to how these systems are to work, how 
the name matching is to occur. That didn't take place until 
very recently.
    We also now have a script that the Government has provided 
for us by customer service representatives that I think will 
give the public a better message and a better understanding of 
how to resolve these things.
    From our perspective the cleared list has not been 
particularly helpful. It was really developed by the Government 
without consultation with the industry. While we have tried 
to--various carriers have tried to use it in different ways. It 
doesn't fit well with the screening systems that we have in 
place.
    Ms. Jackson Lee. Mr. Meenan, if I might, it is shocking to 
me to know that some airlines use it and some airlines don't. 
That is a very poor response. I don't know if you have made 
that known to the Government, but certainly the Congress is now 
aware of this sort of haphazard inconsistency that impacts the 
traveling public negatively.
    Mr. Meenan. The watchlist is used consistently and with 
increasing consistency across the industry. As you will recall, 
I noted at the beginning we were told simply use your best 
judgment as to how to develop these systems. Each carrier did 
things differently.
    The watchlist, or the cleared list, rather, was just 
announced last April without any pre-consultation with the 
industry. Many carriers are using it, but in some cases it 
doesn't fit well. It is better for the customer to continue to 
use the screening systems that we have got in place while the 
carriers try to figure out ways to better use the cleared list.
    The fact is that Secure Flight will resolve all of these 
issues, once it is up and running. That is where we believe the 
greatest emphasis needs to be put. We need to get the Secure 
Flight program.
    Remember, for 7 years we have been engaged in efforts with 
the Government to try to do what they want done to clear these 
passenger lists effectively. I think we are pretty good at 
that. Unfortunately, it has inconvenienced a lot of people.
    On the plus side, obviously, we are very good at catching 
the people that we don't want on these airplanes or who are 
required to receive special clearance.
    But the fact is we do want to eliminate this problem as 
well. The best way that we have identified to accomplish that, 
and I am not quite sure why it hasn't worked in the case we 
have heard about today, is for people to enroll in frequent 
flyer programs, because then the carriers have additional data 
elements that they collect on their own, which they can use to 
help clear individuals for whom there are questions as to 
whether or not--the problem right now is that if you have got a 
name identified and an age, you need to resolve that in some 
way. So you may actually have to physically look at this 
individual and try to determine how old they really are, other 
characteristics, and so forth.
    We don't want to be doing that anymore. Secure Flight will 
take care of that once and for all. That is where we believe 
the Government needs to put the strongest emphasis.
    Ms. Jackson Lee. Well, I think we have already conceded the 
fact that we are all accepting of inconvenience. I think what 
Ms. Robinson's testimony has indicated is that it is more than 
inconvenience. It is long stays at the counter, where the 
person cannot distinguish from the information that the airline 
has between an 8-year-old and someone who happens to have the 
same name.
    That I think is egregious. That is not precise information 
that would give them the judgment and the comfort to be able to 
note that this is the wrong person. I think the very use of an 
8-year-old for this hearing is that we wanted to show there are 
some things that can be done more quickly than what I imagine 
the Robinsons are facing.
    So I ask you what kind of financial commitment under Secure 
Flight are the airlines collectively prepared to make?
    Mr. Meenan. Well, the airlines have already expended many, 
many millions of dollars in developing the systems that are in 
place today. Secure Flight is actually a process through which 
the Government will take over the screening system completely.
    We will be providing them information. There will be costs 
associated with that. I don't at this point know what those 
will be, because we haven't seen the rule that Mr. Hawley had 
mentioned earlier this afternoon.
    So we will have to determine what those costs will be as 
the rule unfolds, and as we determine how we are going to 
comply with it.
    But our commitment is, as it has been since 9/11, we want 
to do whatever the Government believes is necessary to resolve 
security concerns in a way that also protects the privacy of 
our customers.
    We have been trying to do that since day one. We will 
continue to do that, and we look forward to your leadership to 
get Secure Flight out there, because we do think that that 
offers the best solution for everybody concerned.
    Ms. Jackson Lee. Are you prepared to go the extra financial 
mile to ensure that this is a working process? Because you are 
right--it will require, at least on the side of the airlines, 
some technical revamp and training on how to utilize the 
system.
    Are the airlines--can you represent the association that 
represents them, that this is going to be a serious effort on 
their part, which includes the issues concerning privacy?
    Mr. Meenan. It is already a serious effort on our part. We 
are expending many millions of dollars today. Obviously, I 
can't tell you that we are going to commit to any amount of 
money that the Government believes is necessary.
    We are dealing with a number of programs right now, for 
example, where the Government has proposed adding an additional 
billion dollars a year to the cost of the airline industry, 
which we think in a related security area, which we think is 
misguided.
    We are seeking better ways of doing that. I don't 
anticipate we will be doing that kind of thing with Secure 
Flight, but we certainly are looking forward to seeing the rule 
and making it work as effectively as we possibly can.
    Ms. Jackson Lee. Let me ask Ms. Coney. We appreciate your 
comments, and I think a lot of your statement was shocking. We 
hope to engage with your organization as we craft the 
legislation dealing with Secure Flight.
    Let me ask you with regard to this program of Secure 
Flight, what are your privacy-related concerns?
    Ms. Coney. Well, EPIC's privacy concerns begins with the 
August 23, 2007, Federal Register Notice of Proposed Rule 
published by the Transportation Security Administration titled 
``Privacy Act 1974 Implementation of Exemption Secure Flight 
Record.''
    In this exemption they point out that they want to exempt 5 
U.S. Code 552(a)(c)(3)(m)(4)(d)(1)(2)-(d)(1) and Section 2, 
Section 3, Section 4, Section (e)(1), Section 2, Section 3, 
Section (4)(g) through (i), Section 5 and Section 8 and Section 
(f) and (g).
    We went through the code, and I just want to show you how 
much of the code they are exempting themselves from the Privacy 
Act, based on what they are requesting in this proposed rule 
change.
    Privacy sounds good when you use the word, but there are 
statutory protections in Federal law that in fact establish 
privacy. These protections take into consideration after 
criminal investigations, those who may be suspected of having 
ill intent toward the U.S. Government or its persons or its 
interests.
    They are regularly used exemptions for those types of 
issues. The fact that this agency wants to take away the 
transparency obligation--in fact telling you that you are in 
fact on a watchlist, and not in a public setting--that is 
inappropriate, but in some kind of communication that yes, your 
name matches someone, and this is what the issues are.
    Allowing you to have due process through the redress 
program, which is called a TRIP program, and allowing you to 
have some kind of way to do an effective due process so that 
you have a right, you have ability to have an advocate work on 
your behalf, and not get a letter in the mail and say, ``Sorry, 
unless you have the money to go take us to court, we won't 
allow that.''
    Even in the problem of the exemptions, they take away your 
right to sue--the civil protections that are part of the 
Privacy Act, should a Government agency or an employee of the 
Government agency abuse access to your records, your personal 
information.
    So there are a number of problems with what the agency is 
doing, and its self-definition of itself, affirmation of its 
meeting the requirements of privacy, it just doesn't satisfy 
us.
    When we look at what the agency is actually doing, they are 
in effect doing something that undermines your right to 
privacy.
    There are a couple of things I would like to get to, and if 
you have the time, I would like to point out on the TRIP 
application itself, there is a question about whether you are a 
registered voter and asking you for your voter ID number and 
the location where you registered to vote.
    I mean that question alone raises alarm bells in our minds 
about what in fact is going on with the redress program, not 
just the watchlist program. It is a black box. It is a process 
that cannot be satisfied, but the agency's saying they are 
meeting the privacy requirements. Thank you.
    Ms. Jackson Lee. I yield myself an additional 5 minutes on 
the second round, and we will conclude on that.
    Let me go right to you to just quickly as to what degree 
has DHS reached out stakeholders such as EPIC to ensure that 
its policies with respect to redress and Secure Flight account 
for privacy rights and related concerns?
    I just need a--and have you--have they reached out to you?
    Ms. Coney. Congresswoman, they have reached out to EPIC. 
EPIC coordinates a program, a project called the Privacy 
Coalition. We hold regularly scheduled meetings. They have come 
to our meetings.
    The things I am saying to you on the record here are things 
they have heard in these meetings. So meeting with us--yes, 
they are willing to do that. But are they listening? That is 
yet a question we haven't seen evidence of.
    Ms. Jackson Lee. So the reach out including the 
stakeholders is not translated into response. Let me just be 
clear on the record that I think it is important that your 
testimony be taken in the right context, which is that I 
understand that you have said that you are fully conversant and 
fully appreciate that there are limitations with respect to 
what the DHS can adhere to.
    But those exemptions of individuals who are to do us harm 
or criminal aspects are exempted already. It is not as if we 
want to give blanket protection.
    But you are saying they have gone beyond that----
    Ms. Coney. Exactly.
    Ms. Jackson Lee [continuing]. And denying citizens their 
right to information, which speaks to Ms. Robinson's point 
about young James growing to a teenager, to a college student 
who will seek to travel internationally.
    Ms. Coney, what problems do you think Mr. Robinson might 
face as he grows up?
    Ms. Coney. The same problems he is experiencing right now. 
There are very fundamental rules for what is going to work, an 
identification system that is completely remote and it is 
computer-based.
    Name-recognition-only identifications fail. We see this in 
a lot of different cities, not just national security-related 
cities.
    For example, sell them voter-roll purge lists that only use 
the name of the person who is listed on the roll to purge voter 
rolls. You have one person that you are talking about, but you 
may have 2,000 individuals within a State that share the same 
name. They all get purged.
    We see that, and it is more prominent when there are--
because there are thousands of people who are showing up on 
Election Day to vote. You are going to see the problem.
    In James' situation, it is him and his family that see the 
problem. There is a lack of transparency, because they are not 
going to seize your letter to tell you you are on this list. We 
know you are not the right person from the exchange that we 
have had from the person who screened you, but we want to make 
you aware of what the situation is.
    The lack of transparency is pernicious, because it 
perpetuates the errors within the process that they have 
established.
    Ms. Jackson Lee. I can't imagine, but we have certainly had 
the first panel. They are not here to answer the question, Mr. 
Meenan. But I can't imagine that transparency would be a 
problem in the Secure Flight program. Do you think that would 
be a problem for the airlines?
    Mr. Meenan. It is our understanding that the Secure Flight 
program will basically resolve the kinds of problems that the 
Robinsons have experienced, because it will enable TSA to know 
with a much greater degree of certainty.
    Then they are able to let us know who this particular 
individual is, not just what this name is, so that they will be 
able to pre-resolve and determine that in fact it is this James 
Robinson, not the James Robinson whose name is on the 
watchlist.
    That is why Secure Flight is so important, because it will 
clear up these problems, rather than compound them.
    Ms. Jackson Lee. Well, I think we should also have some 
transparency that can impact or have access, or be accessed by 
the traveling public as well. I think Ms. Coney's point is is 
that the guard, the breadth of elimination of privacy rights, 
seem to be unacceptable, and I agree with her.
    Mr. Meenan. And I----
    Ms. Jackson Lee. A transparent system in Secure Flight 
should not be something that we should object to.
    Mr. Meenan. I fully expect that TSA anticipates that same 
type of approach to the Secure Flight program. I am not an 
expert on what they have got in mind, but I would be very 
surprised if they weren't seeking transparency.
    Ms. Jackson Lee. Let me ask you this. Although the first 
panel indicated that these mistakes are made, and it is not 
often made, I do know that there have been constituents who 
have come up, who have checked in at the counter, often told by 
airline representatives that it is because they are on a 
watchlist, when in fact this may or may not be the case.
    Do you know if TSA is working with you all to take any 
steps to address this misinformation? What do you do with 
worldwide employees, as many of you have in the industry? I do 
recognize that the airlines have been a good partner in this 
whole question of security.
    But what is going on with respect to those confronted with 
the question or the issue you are on a watchlist, which, of 
course, are two separate entities--the watchlist and 
misidentification?
    Mr. Meenan. There are a number of different pieces of 
confusion here. But I think, as Assistant Secretary Hawley said 
earlier, we are working to try to eliminate that problem among 
a fairly widely dispersed population of employees.
    I think part of the source of that problem was the absence 
of a script for the first 7 years we were engaged in this 
process. It really left it up to the carriers, and often to 
individual employees, to try to come up with, you know: What do 
I say to this person while they are standing in front of them?
    Unfortunately, some people, without the direction of their 
employer, migrated to the idea that well, you must be on the 
watchlist, because they saw that on television or they heard 
that from a colleague.
    Ms. Jackson Lee. Meaning an airline employee?
    Mr. Meenan. An airline employee. We have no doubt that has 
been said to passengers.
    Ms. Jackson Lee. How is TSA is working with you to avoid 
that?
    Mr. Meenan. TSA and the carriers have both made it clear to 
our employees that that is not the case. We now, as of August 
of this year, have a very detailed script that says if you have 
a selectee, you can say A, B or C. If you have someone who is 
on the No-Fly List, you can say C, D or E.
    So that is now working its way into the system, and we are 
confident that over time it will replace what is probably a bad 
habit in some employees of saying, ``Well, you must be on the 
watchlist if you are being delayed.''
    We are working to eliminate that problem, and TSA has been 
an effective partner in encouraging that.
    Ms. Jackson Lee. Well, Mr. Meenan, I want you to work extra 
hard. Our committee will be working with you. We would like to 
have, if we could, in writing possibly, the various procedures 
that the airline industry has put in place, generally speaking, 
that we would like to have submitted into the record to this 
committee that has pointed to those discrepancies that we have 
seen.
    I thank you for that. I would also be interested in any 
estimates that you can make as we move forward into the Secure 
Flight program, generally speaking, so that we can begin to see 
the commitment of the airlines.
    I would also like to have in writing--I think I asked you 
on the record; I am going to do yes or no for you--the 
willingness of the airlines to commit, recognizing the industry 
sort of constraints. I understand the finances.
    But am I to understand that Air Transport Association 
within the airlines is committed to working as hard as they can 
with the TSA and DHS, Department of Homeland Security to make 
this work, and work right?
    Mr. Meenan. No question about it.
    Ms. Jackson Lee. Let me thank you, Ms. Robinson. We have 
heard intertwining words--No-Fly, the Secure or Selectee, and 
the watchlist, all having to do with the security of this 
Nation.
    Yet if, as one of our Members said, the most sophisticated 
nation in the world with technology, appreciation for our 
Constitution, can't get it right, who can?
    Your presence here today has really offered to us a 
roadmap. One of the extreme cases, because I imagine as 
individuals are listening, there may be parents of other 
youngsters.
    In 2001, and correct me if I am wrong, and I did not get 
James' actual birthdate, but he was certainly a toddler, an 
infant, being 8 now, and therefore was certainly having no 
ability, I imagine, to be that creative to be involved in any 
untoward activity.
    He is now full steam ahead, growing to be a young man, and 
a very important young man to us, because he symbolizes the 
complexity and the foolishness of this process.
    I indicated to you, and I thought you were being polite. 
You didn't want to talk to James as others were talking. Let me 
allow you just to talk to him for a moment about his feeling of 
being here. Mommy knows how to ask a question, because I see 
the coming to the end--that might excite him--of this hearing 
in process.
    But I am going to let you just bend down and ask him. Then 
you can share with us his thoughts, because you only asked him 
one question, and we will yield just for a moment so that you 
can get some words out of him.
    Tell him he will be heard on this record.
    Ms. Robinson. So James says that he is nervous about being 
here, because again it is putting him in the spotlight, which 
is a bit uncomfortable. But he is also excited about being 
here, because he does feel, and he and I have discussed this, 
but he does feel that it is sort of the opportunity to get him 
off.
    Because we have tried all the other things, and it hasn't 
worked. So he is excited about the prospect that he will get 
off.
    Ms. Jackson Lee. Well, maybe the bug has touched him about 
solving problems at the Federal Government level. I know that 
the James Robinson name sounds like a good Presidential name 
for some decades to come.
    So I want to make a commitment that this committee, as 
Assistant Secretary Hawley indicated, would work with us on a 
quick fix through legislation.
    We will use the testimony, Ms. Robinson, that you have 
given us, and the words that James has given to you, as an 
instructive roadmap to move quickly.
    I think a legislative fix may be important, as long as it 
does not cause delay, because Ms. Coney's comment of privacy 
are shocking to me, shocking to Members of the committee, I 
know, that will read her statement.
    We want to be assured that a rulemaking doesn't diminish 
any more of the privacy rights and the transparency than is 
necessary that can parallel and complement the necessity of a 
watchlist, along with the importance of protecting the 
Constitution.
    Mr. Meenan, we have always been friends of the airline 
industry. We helped them in 2001 in the serious and tragic 
incident of 9/11, in, as you well know, a major bailout. So we 
want to count ourselves as friends to the airline industry. But 
we also have to count them as friends to fix this problem.
    The hearing was entitled, ``Clean Up the Watchlist.'' I 
think the witnesses collectively, the first panel and the 
second panel, have given us our marching orders, but they have 
also given us a framework for saying we cannot continue this on 
our watch.
    So we will look to all of the witnesses that have 
participated to give us the, if you will, the details that will 
generate into a solution and a respect of a watchlist that is 
respectable.
    That will include the problem Homeland Security and the 
Federal Bureau of Investigation, Secretary Chertoff in these 
waning months and Director Mueller to help us fix this problem.
    So let me again thank the witnesses for their valuable 
testimony and the Members for their questions.
    The Members of the subcommittee may have additional 
questions for the witnesses, and we ask that you respond to 
them expeditiously in writing.
    Hearing no further business, the subcommittee thanks all of 
you again, and the committee is adjourned.
    [Whereupon, at 5:13 p.m., the subcommittee was adjourned.]

                                 

